How to Deal with Spam (of the non-edible variety)

We’ve all seen them: a seemingly innocent email arrives purporting to be from your company’s Help Desk, your system administrator, or some wealthy prince of Nigeria. These emails ask for personal information such as usernames, passwords, bank account information, or even money. Responding to such emails often results in locked accounts, boatloads of more incoming spam, or worse. Below are some hints to help you recognize these emails:

What is Spam?

Spam is unsolicited email. Much like the “junk mail” from the normal post office, these messages can simply be erased or ignored. In order to limit the amount of spam arriving to your email inbox, many email services utilize a spam filtering service (i.e. Google’s Postini service) to automatically check and block potential spam messages.
There are different types of spam messages:

Some spam messages want you to purchase things. These are mostly harmless, and can be blocked and deleted.
A spam email may contain a file attachment, usually containing malicious software (malware) to infect your machine. The virus can steal information without your knowledge as well as use your machine in future attacks on other machines.
A phishing email is one that attempts to “fish out” information, including usernames and passwords, social security numbers, bank account information, etc. Once the phisher has this information, they use the compromised account to, in turn, send out thousands of similar messages to other unsuspecting recipients. Reputable institutions will NEVER ask for your username and password via email. Once other organizations see compromised email addresses sending thousands of spam messages, they block all further emails from that domain, including legitimate correspondences, in an effort to protect their own users. This causes a disruption in communication as recipients having addresses from other domains (i.e. Live, Gmail, Hotmail) no longer receive messages from you.

Some messages are still getting through my email’s spam service. What should I do?

DO NOT RESPOND TO THE EMAIL!! First, if your email provider supports it, submit the email to their spam service. If you are unsure whether or not a message is spam, please contact either your company’s Help Desk or possibly even your email service provider. Finally, be aware of what sites are asking for your email address. Check if their privacy policies will protect your information or if they send that personal information onto other third parties.

I may have given my information to a phisher. What should I do?

Everyone makes mistakes sometimes. If you feel that you may have compromised your account, contact your account provider immediately. If you still can log into the account, change the password as soon as possible to prevent any malicious usage on your account. Make an appointment with your company’s Help Desk as soon as possible. The worst thing you could do is ignore this! Take action immediately!