The University of St. Thomas

Spam & Phishing

Spam & Phishing

Important information about dealing with e-mail spam and phishing attempts


Spam Overview

As email is an essential communication tool at UST we all know how frustrating it can be to open up a mailbox only to find it filled with spam. As a way to help alleviate this problem, IRT uses MailMarshal, a fast and easy to use email filter. MailMarshal scrutinizes all of the components of an email message, including text, attachments and embedded content to offer an additional layer of security. This means less spam and the ability to block or accept email based on the sender.

Unfortunately, while nothing can be done to completely prevent spam email from coming in to your UST email account, you can, use MailMarshal to block much of the spam from getting to your mailbox. 

MailMarshal Instructions

 To Log into MailMarshal

  1. Open you web browser
  2. Go to: http://mail.stthomas.edu
  3. At the login screen, click on the MailMarshal button.
  4. Login with your UST network username and password.

Using MailMarshal

You can find MailMarshal on the Outlook Web Access page at http://mail.stthomas.edu, Look for the MailMarshal link.  Use your UST username and password and browse through all of the spam addressed to you and update the list with your safe and blocked preferences using the buttons on MailMarshal's welcome page. 

1. Review blocked email 

Click on the "Blocked Mail" to see all spam that currently comes addressed to your mailbox. 

Note:  Most likely there are multiple pages, so don’t forget to scroll all the way to the bottom to view next pages.

2. Manage Senders

On this page you can add senders to a list of either "safe" (i.e. not spam) senders or "blocked" (i.e. spam/phishing) senders.

3.  User Settings

Use this section to change the default language of your MailMarshal view, and to customize the appearance of the welcome page.  It is not recommended to add delegates or to use MailMarshal to manage spam on email addresses other than your UST email.

 

MailMarshal FAQs

  1. Email I want to receive is being blocked. How do I unblock it?
  2. Can I block the Bulletin or any other UST email address?
  3. I get many messages from bob@abc.com and phil@abc.com.  Can I block everything that comes from @abc123.com?
  4. I see some senders from @stthomas.edu addresses; I thought that UST addresses couldn't be blocked.
  5. Can I apply this filtering on the secondary mailbox I manage?
  6. How often do I need to look at MailMarshal?
  7. What should I do if I still keep getting lots of spam in my mailbox?
  8. I have more questions about MailMarshal, who can I contact?

 

1.  Email I want to receive is being blocked. How do I unblock it?   

When you are browsing the list of blocked email, you find an email that you want to receive, you can:

  • Click on the subject to view the message (Note: links within the email will not function and linked graphics will not appear); or
  • Check the box to the left of the email and click the "unblock email" icon; or
  • Click on the "add to safe senders" icon to receive all messages from this sender in the future and unblock the checked messages.


2.  Can I block the Bulletin or any other UST email address?   

No. For business purposes, UST email addresses cannot be blocked. If UST addresses are added to the blocked senders list, MailMarshal will ignore them.

 

3.  I get many messages from bob@abc123.com and phil@abc123.com.  Can I block everything that comes from @abc123.com?   

Yes!  In your blocked senders list add *@abc123.com.  (by using the * it will block any email address that has the domain @abc123.com)

 

4.  I see some senders from @stthomas.edu addresses; I thought that UST addresses couldn't be blocked.   

UST addresses can't be blocked; these messages are spoofed** and MailMarshal detects them as spoofed and blocks them.

**Spoofing is forging an email message to make it appear as if it came from somewhere or someone other than the actual source.  More information on spoofing can be found at: http://www.webopedia.com/TERM/E/e_mail_spoofing.html


5.  Can I apply this filtering on the secondary mailbox I manage?   

No. Unfortunately, MailMarshal's advanced functions will not work on secondary mailboxes. Only mailboxes tied to a username can use the new MailMarshal web pages.
 

6.  How often do I need to look at MailMarshal?    

MailMarshal PERMANENTLY deletes email two weeks after it is received.  Put a reminder on your calendar every other week to review blocked email in MailMarshal.  Once a message has been deleted in MailMarshal, it cannot be recovered.

 

7.  What should I do if I still keep getting lots of spam in my mailbox?   

You can report spam by sending any spam messages you receive to the spam reporting email address, spam@stthomas.edu.  Please do not forward any spam to this address, but rather attach spam messages in a separate email.  IRT will make every effort to include messages forwarded to spam@stthomas.edu into MailMarshal, but we cannot guarantee that spam won't get through in the future.


8.  I have more questions about MailMarshal, who can I contact?   

Please contact the IRT Tech Desk with questions, comments or concerns.

 

In the past several months, we have seen an increase in the number of “phishing” emails sent to UST accounts.  It is important to never provide anyone with your password, Social Security Number, credit card number, or any other information via email and IRT will never request your username or password from you via email. 

What is phishing?

Phishing e-mails attempt to deceive the recipient into giving up private information in a response to a message or by leading the recipient to a fraudulent Web site. Individuals who send these messages will then use the returned username and password to send further spam through the victim’s account, or attempt to gain access to sensitive information for illegal purposes.   It is called phishing because it “baits” the recipient into providing personal information.

How can you tell if an email is not legitimate?

The simplest way to avoid becoming the victim of a phishing attack is to never click on a link from an unsolicited email or reply to an email with personal information.

Some other ways to avoid becoming a victim are:

  • Hold your cursor over the link. A text message will show the URL of the website you will be directed to. If it is not the website of the company sending the email, or it doesn’t start with “https” you can be pretty sure you’ve been phished.
  • Never reply to a phishing email; this can give the potential thieves information about you.
  • Keep your virus and firewall software up-to-date; some phishing attacks carry harmful viruses or trojans that can collect personal information from your computer.
  • Never open attachments that end in .exe or aren’t from a trusted source.

A good resource for more information on phishing scams is available here.

A recent example of a phishing email sent to Saint Thomas can be seen below.

 Example of Phishing Email

What are we doing to prevent phishing at Saint Thomas?

MailMarshal is a UST provided tool that utilizes a number of anti-spam and anti-phishing filters to trap unwanted messages.   However, the reality is that as we advance in our understanding of how spammers and phishers work, they too advance in their methods of circumventing our security measures.  As seen in the example above, some of them have carefully crafted their letters to actually appear to come from a legitimate branch of IRT and often are crafted in a way that our spam filter updates cannot differentiate between phishing email and legitimate e-mail.

How can you help?

As mentioned, never reply to phishing messages if you receive one.  We rely heavily on the user community to inform IRT as quickly as possible when a message gets by MailMarshal filters so that we can minimize negative impact to the email environment.