Dealing With Spam and Phishing Scams
Dealing with Spam
All email from outside Solid passes through the campus spam filters before landing in your Solid inbox. Campus has a scoring system for spam that is given as a number of stars (asterisks) in the 'X-UCD-MS-Spam-Score' header. Anything over 8 stars is almost definitely spam, and will go into your "UCD-Spam" folder on Solid. However we can adjust these settings on a per-user basis. If too much spam is making it to your inbox, we can lower the threshold value for you; just send us an email.
A Phishing Scam is an attempt by a malicious person to gain access to your personal information/money/etc by means of a legitimate-looking email that can appear to come from a friend. Usually it will ask you to click a link which will take you to a fake (but often legitimate looking) website where they will then ask for your usernames or passwords or financial information.
Phishing Scams get more detailed and more "personalized" all the time, so constant vigilance is the best defence against the scammers. If you personally know the person the email claims to be from, contact them directly (not via email reply) and ask if they sent it. Otherwise, if it looks suspicious don't click any links, and you can always forward it to firstname.lastname@example.org (or spam-examples.physics.ucdavis.edu) and we (the IT Team) will take a look at it and get back to you.
That said, here are some basic ways to try to recognize a phishing scam:
1. The message ususally instructs you to supply your account information, including your password. The instruction may be to reply by email, or to click on a link in the message and supply the information via the web. This is never a legitimate request. (Legitimate emails from Physics IT may sometimes ask for your name and Campus Kerberos ID, but they will not ask for your password.)
2. The message may have a "From:" address that sounds (and sometimes is) legitimate, but the message is almost definitely not from the address listed (This is called email spoofing). The message itself will usually be vague, and may refer to a "database crash" or "a problem" or even simply "maintenance." None of these generic issues require your account information. A legitimate message from IET or Physics IT will be very specific, and will never ask for your password.
3. The message may contain some kind of threat for not supplying the information, such as having your account deleted.
4. Phishing messages are often, but not always, poorly written, with spelling and grammatical errors. Legitimate messages aren't always perfect, but with careful reading, many scam messages become obvious.