Spam e-mails - General
The first thing we should consider about Spam e-mails is that it is impossible to stop them entirely. Indicatively, over 90% of the e-mails received by an e-mail server daily are classified as Spam. It is no exaggeration to say that at the Department of Physics, on daily basis e-mail filters stop or identify thousands of e-mails as Spam. It is therefore important that a user can recognize Spam e-mails to avoid the dangers associated with their content.
Spoofing
One of the most common cases of Spam is when the spammer transforms the sender's e-mail address in such a way that it appears either normal (something known to the receiver), or completely fictitious (but properly defined) and not relevant to their real address. There are many ways to do this, typically using specialized software. In many cases they use machines infected with viruses, worms, trojans, etc, which they take under their control and start sending e-mails as Spam.
This methodology, although it is very simple to implement, can be extremely dangerous for the recipient, since, if the sender is known, he/she will open the e-mail without reservation and follow links or instructions contained in it. Thus, it is possible either to put himself in danger (e.g. by sending personal information to unauthorized persons) or the whole network (e.g. by downloading a virus , worm or trojan at his computer and send Spam e-mail to others).
How to recognize Spam mail?
If an e-mail looks slightly suspicious or contains unusual content, you should always check the sender's address. All e-mail clients (including Webmail) display as sender the contents of the field "From" of the e-mail. A more thorough check can reveal the actual sender's address. This is possible either by choosing "Toggle raw message headers" from Webmail, or the "Menu View → Headers → All", from Thunderbird, or from the relevant menu of another e-mail client. A simple observation of the various fields displayed in headers can be an important indication that an e-mail is actually Spam:
In this example, a link appears in the e-mail content. An additional control of that link proves that this e-mail is Spam and in particular belongs to the category of " phishing " e-Mails, which is the most dangerous.
What to watch out for
-
Never give out personal information or data to third parties, unless it is absolutely necessary and the sender is a certified entity or organization. Also keep in mind that if you are asked to send specific details via e-mail, it will always be in a way that you have agreed with the specific entity beforehand. Almost never is the e-mail, a way of sending personal or very sensitive information to anyone.
-
If you must use the e-mail to receive or send sensitive information, it is advisable to use some kind of encryption so that its content cannot be intercepted. We remind here that SMTP protocol used for communication between mail servers is not covered by encrypted or secure communication mode.
-
Please be aware that the staff of the Computer Center when sending you an e-mail, will never use expressions like, "Dear Customer," "Dear account holder" etc., while the signature of e-mail will not contain expressions like "Physics Department customer Service". Instead it will display the personal signature of the person who sent you the e-mail. Finally, it does not contain any kind of copyright (eg "Copyright © 2015 Physics Support Team", etc.).
-
Also, illegible e-mails with a lot of errors, are very likely to be automated translated Spam mails.
-
Various e-mails that ask you to open the attached file containing no special explanations, especially when they come from people unknown to you, are probably dangerous.
-
E-mails containing links that refer to sites outside the Department and urge you to follow the links in order to refresh "your e-mail subscription" are suspicious and dangerous. Do not open them.
-
In any case, you should treat with skepticism and caution the e-mails you receive, especially when they come from people you do not recognize or contain unexpected content.