Avoiding Spam Victimization
07.February.2011 22:15 Filed in: Tech Tips
Today, District 21
staff members receive very little spam despite the
fact that over 90% of all email is spam. For us,
nearly all of that spam is blocked by our spam
filter. The spam emails that we have recently seen
sneak through our filter typically from random and
changing domains from around the world. (A domain is
what follows the "@" symbol in an email address.)
Sometimes, though, more menacing spam can appear that
seems to be from a more trusted source.
How can spammers send email from a friend or colleague's work or personal account? This is able to happen because the account is compromised as the spam creators somehow obtain the username and password information of the email address's rightful owner in order to send from this account. This serves as a good opportunity for us to understand how this can take place and what all of us can do to try and prevent this.
How do the spam creators get the username and password information? There are two typical methods: (1) The use of software that will automatically try to enter millions of different passwords for each username until it finds one that works or (2) the user will simply give his or her username and password combination to the spammers without realizing it.
When this happens to a company or if it would happen to us, the entire company (or School District 21) would be at-risk. If our domain (@ccsd21.org) is used to send out spam, it will be blocked by other servers' spam filters, and we'll be unable to send emails to other organizations that block our emails.
So, what can you do to prevent this?
First, staff members should use rigorous passwords that do not use regular words or names. Our minimum password requirements assist with this. Organizations can and, often times, also do require users to frequently change passwords, too (i.e., every 90 days), and this further improves security.
Second, you should never give your password out--and definitely never via email. In District 21, we will not ever request password information in an email. If we did, it would only be on the phone or in-person or, possibly, via our own iChat services. Even in those cases, our preferred method for solving most problems is to temporarily change your password and then ask you to change it back when the problem has been resolved. Either way, please do not email your confidential information to anyone.
Our Internet-based safety is like our real world safety in that a "neighborhood watch" is probably the best approach to keeping all of us safe. In so many ways, it's a very different world in 2011, and we appreciate all of your efforts to keep us collectively safe and to provide instruction to our students that prepares them to be successful with these major shifts in society.
How can spammers send email from a friend or colleague's work or personal account? This is able to happen because the account is compromised as the spam creators somehow obtain the username and password information of the email address's rightful owner in order to send from this account. This serves as a good opportunity for us to understand how this can take place and what all of us can do to try and prevent this.
How do the spam creators get the username and password information? There are two typical methods: (1) The use of software that will automatically try to enter millions of different passwords for each username until it finds one that works or (2) the user will simply give his or her username and password combination to the spammers without realizing it.
When this happens to a company or if it would happen to us, the entire company (or School District 21) would be at-risk. If our domain (@ccsd21.org) is used to send out spam, it will be blocked by other servers' spam filters, and we'll be unable to send emails to other organizations that block our emails.
So, what can you do to prevent this?
First, staff members should use rigorous passwords that do not use regular words or names. Our minimum password requirements assist with this. Organizations can and, often times, also do require users to frequently change passwords, too (i.e., every 90 days), and this further improves security.
Second, you should never give your password out--and definitely never via email. In District 21, we will not ever request password information in an email. If we did, it would only be on the phone or in-person or, possibly, via our own iChat services. Even in those cases, our preferred method for solving most problems is to temporarily change your password and then ask you to change it back when the problem has been resolved. Either way, please do not email your confidential information to anyone.
Our Internet-based safety is like our real world safety in that a "neighborhood watch" is probably the best approach to keeping all of us safe. In so many ways, it's a very different world in 2011, and we appreciate all of your efforts to keep us collectively safe and to provide instruction to our students that prepares them to be successful with these major shifts in society.
