** The SCEC IT Department will never ask for your password via email, ask for money nor have you install software via a link.
If you get an email stating otherwise, please contact your technology coordinator at your building immediately. **
Junk and Phishing Email Tips
The Junk Email Filter is designed to keep junk email messages, also known as spam, from cluttering your Inbox. By default the Junk Email Filter is turned on and the setting designed to catch the most obvious spam. Messages detected by the Junk Email Filter are moved to the Junk E-mail folder.
Note: While the Outlook Junk Email Filter protects against much of the spam sent to you, no filter can catch every junk message.
1.) Report junk email and phishing scams in Outlook on the web
A. Click on the junk message and then click "Junk" on the toolbar. This moves the message to your Junk email folder and adds the sender to your blocked sender list.
*Alternatively, right-click a message to display a menu, and click Report>Report Junk.
You can report a junk message from your Inbox, Clutter, or Deleted Items folder.
B. A dialog box opens asking if you want to send a copy of the junk email message to Microsoft for analysis. Click report to send the message to the Microsoft Spam Analysis Team. Optionally, select the Don’t show me this message again check box if you want to automatically submit future junk messages to Microsoft without being prompted.
*Even if you select the Don’t show me this message again check box, you can later change your preferences for reporting junk email by accessing the display settings in Outlook on the web. (You can access these settings through the gear menu next to your sign in name.)
2.) Submit Phishing messages in Outlook on the web
A. Click on the phishing scam message, click the down arrow next to Junk, and then click Phishing on the toolbar. Office 365 does not block the sender because senders of phishing scam messages typically impersonate legitimate senders. If you prefer, add the sender to your blocked senders list by following the instructions in the topic Block or allow (junk email settings).
*Alternatively, right-click a message to display a menu, and click Report>Report phishing. You can report a phishing scam message from your Inbox, Clutter, or Deleted Items folder.
B. A dialog box opens asking if you want to send a copy of the phishing scam email to Microsoft for analysis. Click report to send the message to the Microsoft Spam Analysis Team. This reporting option is currently available to a limited number of organizations; you might not be asked to report a phishing scam to Microsoft.
3.) Submit "not junk" messages in Outlook on the web
1. In your Junk email folder, click on the message and then click Report>Not Junk on the toolbar. This moves the message to your Inbox and adds the sender to your safe senders list.
*Note: You can also right-click on a message in your Junk mail folder to display a menu and click Report>Not junk
2. A dialog box opens asking if you want to send a copy of the not junk email message to Microsoft for analysis. Click report to send the message to the Microsoft Spam Analysis Team..
Do's and Dont's with Your Email
- Use ECPS email address to sign up for things that are NOT business-related.
- Use ECPS email to send out personal emails to friends and family.
- Use ECPS email address for personal online shopping, social media accounts, etc.)
- Put your job at risk. You can be fired for causing a data breach.
- Sign on to your ECPS email if you are using a public/shared computer.
- Reply to any suspicious emails.
- Separate ECPS email from personal when it comes to emails.
- Change your email password periodically and use complex passwords.
- Ask that your ECPS email not be shared with third-parties.
- Delete emails that are personal or forward to a personal email address and reply then.
- Double-check that outgoing ECPS emails are going to the right place.
- Sign out of your ECPS email once you are finished.
If you suspect that an email or text message you received is a phishing attempt:
- Do not open it. In some cases, the act of opening the phishing email may cause you to compromise your security.
- Delete it immediately to prevent yourself from accidentally opening the message in the future.
- Do not download any attachments accompanying the message. Attachments may contain malware such as viruses, worms or spyware.
- Never click links that appear in the message. Links embedded within phishing messages direct you to fraudulent websites.
- Do not reply to the sender. Ignore any requests the sender may solicit and do not call phone numbers provided in the message.
- Report it. Help others avoid phishing attempts: Please contact your technology coordinator at your building immediately.
Phishing questionsQuestions about Phishing and how you can protect yourself against these extremely common scams
What is Phishing?
Phishing is a type of attack carried out in order to steal information or money. Phishing attacks can occur through email, phone calls, texts, instant messaging, or social media. Attackers are after your personal information: usernames, passwords, credit card information, Social Security numbers. However, they are also after intellectual property, research data, and institutional information. Phishing scams can have several goals, including:
- Stealing from victims - modifying direct deposit information, draining bank accounts.
- Performing identity theft - running up charges on credit cards, opening new accounts.
- Purchasing items - buying gift cards, tricking victims into working on their behalf.
- Getting victims to act - clicking on malicious links, installing malware on their devices.
How can I identify a Phishing scam?
The first rule to remember is to never give out any personal information in an email. No institution, bank or otherwise, will ever ask for this information via email. It may not always be easy to tell whether an email or website is legitimate and phishing emails are using social engineering tactics to make create sophisticated scams.
- In the body of an email, you might see questions asking you to “verify” or “update your account” or “failure to update your records will result in account suspension.” It is usually safe to assume that no credible organization to which you have provided your information will ever ask you to re-enter it, so do not fall for this trap.
- Any email that asks for your personal or sensitive information should be seriously scoured and not trusted. Even if the email has official logos or text or even links to a legitimate website, it could easily be fraudulent. Never give out your personal information.
Why is understanding the risk of Phishing important?
Phishing attacks are a constant threat to campus and are becoming increasingly sophisticated. Successful Phishing attacks can:
- Cause financial loss for victims
- Put their personal information at risk
- Put the district data and systems at risk
- All SCEC employees are responsible for protecting institutional data.
Who do I contact if I think my SCEC credentials were compromised?
If you believe your credentials have been compromised;
- You must reset your email password immediately
- Contact the work-order person in your building and have them create a work-order
How would I know if my credentials were compromised?
You may not always know. Scams and malware that steal passwords are designed to be stealthy and unnoticed.
Passwords are most frequently compromised one of three ways:
- Being tricked to giving up your credentials at a real-looking but scam website (AKA Phishing)
- Malware or other compromises of your device which installs software designed to run in the background and steal passphrases
- Re-using SCEC credentials for non-SCEC websites, and the non-SCEC websites are hacked and all credentials exposed
However, a couple of tell-tale signs of credential compromise are:
- Your colleagues and friends have received unexpected messages from your email account (spam or additional Phishing emails)
- You suddenly cannot login with your SCEC credentials
Do I only need to worry about Phishing attacks via email?
No. Phishing attacks can also occur through phone calls, texts, instant messaging, or malware on your computer which can track how you use your computer and send valuable information to identity thieves. It is important to be vigilant at all times and remain suspicious of sources that ask for your credentials and other personal information.