Security Information

Phishing

Phishing (pronounced 'fishing') emails are fraudulent emails that appear to come from an online financial institution (such as First Tennessee, Regions, or credit card companies), auction sites (such as eBay), payment processors (such as PayPal), social networking sites (such as Facebook, MySpace, YouTube), and IT administrators (such as the OIT department at Jackson State).

Phishing emails could be quite convincing even using the mimicked organizations own images, logos, and fonts.

Phishing emails request that you update or confirm your account information by replying to the email or by going to a webpage. They often ask for username, password, date of birth, and account numbers.

Never reply to any email, or provide on a webpage linked within the email, with your username, password, date of birth, and account numbers.

Type the website's address directly in the address bar, or use a bookmark that you personally have created.

The OIT department at Jackson State will NEVER ask for your account information via email.

Each online organization/website should have specific information regarding how they communicate with you. Visit their website directly and familiarize yourself with their steps on how to protect your account information.

Messages With (Virus) Attachments

Some viruses spread through email by attaching the virus program to messages. For this reason, OIT blocks messages containing attachments with the following file extensions: exe, pif, scr, vbs, cmd, com.

Additionally, OIT quarantines messages containing attachments with these file extensions: ade, adp, bas, bat, chm, cpl, crt, dll, hlp, hta, inf, ins, isp, js, jse, lnk, mdb, mde, msc, msi, msp, mst, pcd, reg, sct, shb, shs, vb, vbe, wsc, wsf, wsh.

Any messages that are quarantined are sent to the systems administrator. If they are legitimate, the message will be forwarded to the intended recipient. The attachment may have to be provided separately.

Beyond this blocking and quarantining, the mail server at Jackson State also protects users by blocking access to certain attachments based on similar file extensions. If you receive an email from someone else at Jackson State and Outlook blocks your access, please contact OIT for assistance.

If you receive a message with an attachment entitled eTrust Antivirus ScanReport.TxT, YOU CAN SAFELY DELETE THIS MESSAGE.

False Positives (I didn't send an email to ...)

Another type of message will indicate that you have sent an infected message to someone that you may or may not know. These message types indicate a false positive in that the email server thinks that you sent the infected email, when you have not. Some servers are configured to send an email to the 'sender' of an infected message. So, as most viruses spread through email by randomly selecting the recipient AND the sender email address from the infected computer's hard drive, your address may be one that's selected. The user of the infected hard drive only has to visit a website or keep an email or document on their computer that contains your email address for it to be used by a virus. These false positives can safely be deleted. OIT does not send notifications to 'senders' of infected messages.

Updates/Patches

It is imperative that you do not attempt to install any patch that is emailed directly to you. The vast majority of updates or patches that OIT installs are done so automatically. You may be required to reboot after an update is applied. Updates are scheduled to be downloaded to computers nightly, or immediately after your computer is started the next morning.

Malware

Malware includes computer viruses, worms, trojan horses, most rootkits, spyware, dishonest adware, crimeware and other malicious and unwanted software.

OIT has deployed Microsoft Forefront Client Security which scans your computer nightly for malware and prevents malware from being installed on your computer.