As they transition back to classes this semester, students open up their e-mail inboxes to check T-Square updates, emails from friends and the unexpected spew of emails from [email protected]
These spammers have little trouble finding Tech e-mails to send to as all university e-mails are publicly available. The open directory makes it easy for legitimate outside sources to contact students and faculty, but unfortunately gives spammers an easy target to send spam and use the name of the university to give their e-mails false legitimacy.
“Our directory is open to the world,” said Jason Belford, Office of Information Technology (OIT) Principal Information Security Engineer. “We don’t control that.”
Although students have been back for only a few weeks, they are continuing to see a series of spam e-mails with deceptive names, containing subject headers such as “Rent Georgia Tech Textbooks and save 75%,” “Student Scholarship” and “Student Grants.” Most of these are harmless vendors looking to sell things to students by e-mailing them en masse, but a few are phishing scams designed to steal passwords, e-mail accounts and other valuable information.
The best course of action, according to Belford, is to mark the message as spam. All messages marked as spam in the My GaTech e-mail browser are automatically reported to OIT.
“Once we get this, if it’s malicious, we put in an emergency rule and work with our vendors,” Belford said. “If it is not malicious, we pass the message to our vendor so they can increase the effectiveness of their future rule sets.”
Like most e-mail providers, OIT provides spam filters to filter out the billions of spam e-mails sent out every day. The filters take characteristics of the e-mail such as the e-mail address, the origin of the message, the subject line and of course the actual contents of the message and decide whether or not the e-mail is likely to be spam.
“My GaTech has a spam-scan rule that says if the scanner detects a score of 50 percent spam probability or more, it is likely spam and it gets put in the junk folder,” said Pamela Buffington, IT Support Professional Senior Manager for OIT.
The system has to find a balance between correctly flagging e-mails as junk and ensuring that legitimate e-mails are not flagged. This trade-off invariably means that some e-mails will slip through the cracks.
When it comes to avoiding phishing and other malicious e-mails, OIT’s advice is simple.
“Don’t click on links that are in these spam e-mails,” warned Buffington. “Hover over a URL before you use it.”
By following basic internet safety and reporting spam to OIT, the annoyances that come with e-mail may not always be avoided, but they may at least be kept at a minimum.