User Tools

Site Tools


comphelp:security:email

Email Security

EMAIL IS NOT SECURE You should not trust that the email came from the address it appears to come from (spoofing, domain impersonation, compromised accounts), that the links are what they appear (different text from the underlying link, domain impersonation, malicious URL shorteners), or that attachments are safe (virus scanning is much better at known threats than new threats).

Recommendations

  • If you weren't expecting an email be extremely wary of it
  • If you are ever suspicious of an attachment feel free to send it to CompHelp for review. We can open them in a virtual machine so as to not risk a real system
  • Do not trust links, especially for anything prompting for a password. It is much better to use UW search to navigate to the same page whenever possible. ess looks a lot like ėss, and it is possible to use foreign language character sets to make a fake domain URL indistinguishable from the real domain even in the URL bar (see https://www.xudongz.com/blog/2017/idn-phishing/ for examples)
  • Likewise the from address can be easily spoofed; you see this in the event announcement emails which appear to come from essadv@uw.edu but are actually generated by a script.
comphelp/security/email.txt · Last modified: 2017/08/01 16:19 by essach