Spam is unsolicited email which is often offensive and mainly consists of adverts for pornographic websites, drugs, mortgages or consumer goods. It also takes the form of messages encouraging you to click on dangerous attachments or input personal details (also known as phishing).
Phishing attacks are where criminals send you emails which attempt to trick you into releasing your details, changing payment details for companies or individuals or sending money or vouchers. Often, the emails advise you of changes or issues which require you to provide your username and password, enabling the criminals to use these details to access your account or to send spam from your email address but can also take a more subtle approach of presenting to be a senior person requesting an urgent change or request for funds.
Tip 1: Don't get phished and make it worse
Never click on links in emails which ask you to input information (such as usernames and passwords). If you are ever unsure whether an email is legitimate, do not click on links in it.
Tip 2: Increase personal filtering level
- In Outlook, from the Home tab, select Junk (under the Delete section).
- Select Junk Email Options.
- Change the level of junk email protection to High.
Remember to check your junk folder regularly for legitimate emails.
Tip 3: Create your personal block list
If you receive unsolicited email from a small number of particular email addresses or containing particular words, you can ensure this always goes to Junk Email. See Block specific senders and words in Outlook.
Tip 4: Use another account
Don't use your Lancaster email address for signing up to things online, such as shopping sites or newsletters. Use a seperate email account for this.
Don’t publish your personal University email address on web sites when a shared email address would be more appropriate.
Frequently asked questions
- The wording is designed to scare you into replying, or responding to a link – such as stating that your account has been compromised – change your password now.
- You are addressed as Dear Customer or Dear Student, rather than by your first and last name.
- The email could look like it's coming from a sender you know, but the content of the email isn't what they would be likely to send you.
- You are asked to supply personal or financial information, or login details.
- There is poor spelling, punctuation and grammar in the email.
- When you hover your mouse over a link in the email, you can see that it goes to a website that you don't recognise, or doesn't relate to the organisation you thought it should.
- The email is unexpected and contains an attachment.
- The email is personalised to look real, asking for a personal request that is not part of your job description (e.g. email sent from email@example.com asking for you to send emergency payment vouchers).
This list is not exhaustive, if you are suspicious of an email for any reason, do not trust it.
Nowadays, there is an increase in impersonation emails. This is where someone will target an individual with a very sophisticated looking email that contains personalised information making it look genuine. New staff are sometimes targeted as they are unsure of the working practice in a new role. For example, an email from your director's personal email account asking you to purchase some vouchers or send some money as the company credit card is not working. You should check anything that seems suspicious – anyone can make up a free personal email and pretend to be someone so check if the email from the sender's actual email. Even if it is, their account could have been compromised.
- Don’t reply.
- Don’t click on links.
- Don't copy and paste links into your web browser.
- Do not trust the contact details in the email – if in doubt, phone the company on the trusted number or go to their website directly using a trusted web address.
- Delete it.
If you have revealed your username and password in an email or via a linked website, and you think that you are victim of a phishing attack, you can recover your security and privacy by doing the following:
- Report the phish attack to the ISS Service Desk. The ISS Service Desk may ask you for a copy of the original phishing email. To send this to them, see Reporting phishing attacks.
- Change your University network password.
- Follow any advice given to you by the ISS Service Desk.
- Contact any other relevant organisations (e.g. your bank) as soon as possible using trusted contact details.
If the Service Desk confirms that your security has been compromised it is advisable to change all your passwords including, for example, passwords for your bank, Amazon and other commercial accounts.
Occasionally legitimate emails may accidentally be identified as spam. Ensure you check your Junk Email folder regularly. If you find legitimate email, right click on it, and from the Junk section select Not Junk.
If these are marked *ISS-Detected SPAM*, you should send them to False Spam (in the global address list). For step-by-step instructions, see: Report email wrongly marked as ISS-Detected SPAM. You can also help your recipient by passing them this information about how the University blocks spam.
For information about how to prevent emails you send being marked as spam, see Stop your outgoing email from being marked as spam.
SpamAssassin is an anti-spam program which ISS runs across the University email systems.
It checks all incoming email using a scoring mechanism to determine whether emails are genuine or spam.
In 2016-17, an average of 40 million emails a month were directed to the university:
- Around 70% were removed as obvious spam or infection by a combination of services;
- 5% of those were passed through as *ISS detected SPAM* for users to decide; and
- 25% of messages were classed as legitimate and allowed through.
In the 25% allowed through (around 10 million emails each month) we estimate about 2% are undetected spam, these are often very short messages which automatic systems just can’t detect without impacting on the legitimate emails.
How the SpamAssassin spam filter works
Some of the things the filters look for are obvious. Words like 'viagra' and 'make money fast' in the message all add small positive amounts to the score. Text that comes as part of images or is downloaded from the web only when you actually read the message can't be scanned - but the filters do assess the message for how much text they contain compared to how much web content, and whether the web content contains a lot of ALL CAPS, bold text in large font sizes etc.
More weighting is given to 'delivery' information that accompanies each message (you don't normally see this when you read your mail). Bulk mailing tools used by spammers tend to leave their signatures here, and the filters evaluate whether the information is consistent, realistic, or has known bulk-mailer characteristics.
Does this mean I'll never get spam again?
Unfortunately, no. Although the approach used by the filters is very successful, and can be tuned over time to recognise spam even better, tests show that just over 80% of the spam that comes in to the University can be detected. However, that's a very substantial reduction.
SpamAssassin is being constantly developed to improve its detection rate; but of course, spammers are at the same time adapting their techniques to beat anti-spam programs.
Will genuine emails get lost by mistake?
Tests indicate that with the filters' sensitivity set to detect about 80% of the incoming spam, there should be very few cases where genuine email is misidentified as spam, and the system is monitored. However, if you believe that you're not receiving email that you expect, you should contact ISS.
It does sometimes happen that the system sometimes refuses a genuine message from a legitimate source, if that source happens to be on a blacklist or block list. Those on these lists have been identified as sending spam in the past. An error report goes back to the sender explains that the problem must be addressed at the sender's end.