What IT is Doing to Reduce Phishing and Spam

Decommissioning Legacy @mala.bc.ca Email Addresses

To reduce spam and retire old legacy systems that are no longer supported, VIU IT is decommissioning the old @mala.bc.ca and @mala.ca e-mail addresses.

E-mail sent to employees who still have @mala.bc.ca and @mala.ca e-mail addresses will be altered in the following ways:

  1. The subject will have “[Sent to your @mala.ca email]” or “[Sent to your @mala.bc.ca email]” pre-prepended to these e-mails easy to identify
  2. Instructions on what action to take will be added before the original e-mails content

This is a sample e-mail sent to schewee@mala.bc.ca:

Legacy Email Warning

Any e-mail sent to @mala.bc.ca and @mala.ca e-mail addresses will be bounced back to the sender as undeliverable.

Barracuda Email Security Gateway

VIU IT has recently implemented a new anti-spam solution which will greatly improve our spam blocking accuracy. This means less phishing and spam finding its way into your inbox.

All incoming email is scanned by the Barracuda before being delivered to your inbox. The Barracuda performs a virus scan on all attachments and attempts to identify common patterns that match with known spamming and phishing techniques. Based on the findings, a score is applied to each email.

Suspected spam will be handled in the following ways:
  • Potentially spam: Email that is scored high, it will put “[Suspected Spam]” at the beginning of the subject.
  • Likely spam: If the score is higher, the email is quarantined in a special inbox on the Barracuda itself. You will then receive a daily summary email to you at 1:00 pm with a list of emails that were blocked, along with instructions to view and/or whitelist them if needed. You can login at spam.viu.ca to view and manage blocked emails.
  • Definitely spam: If the score is extremely high, the email is rejected altogether.
We will be working to tune it over time so we can eliminate as much undesirable email as possible. However, some spam will always find a way around even the best filters. Diligence is the best tool that we can all use.

View more information about the Barracuda Email Security Gateway.
 

External Email Disclaimer

Effective June 15th, VIU IT is implementing a new feature that will make emails from external senders (outside VIU) easier to recognize. All emails received from outside Vancouver Island University will be marked with a disclaimer.

The addition of this disclaimer is part of our ongoing effort to combat phishing emails. This message will serve as a reminder to be cautious of links and attachments and not share your password.

The subject will start off with “[External Sender]” and the message in the body of the email will read: “This email was sent from outside Vancouver Island University. Do not click links or open attachments unless you recognize the source of this email and know the content is safe.”

External email example

Link Protection

Our anti-spam filter uses a functionality called Link Protection. It performs a real-time analysis of URLs in incoming emails to enhance safety and then redirects to the safe link. Or, if the link is deemed unsafe, a Barracuda warning will appear.

How Can I Determine if a Link is Being Protected?

Links will appear differently when you hover over them. For example, If you hover over the URL http://www.codestore.net/ the link will display as https://linkprotect.cudasvc.com/url?a=http://www.codestore.net&c=E,1,5bE...
NrgaCfUxKZdTyuUxW48gwPUfsoILDy-FCjYA5-2MCgtJlXy5N3PAFAD47XFHidB4K4cNJC7Z-FhFR1P96vPVq&typo=1

What Happens When I Click on One of These Links?

If the URL is considered bad, you will see a warning appear which displays some information about the link. It may look like this:
Barracuda Link Warning

If the URL is considered good, you’ll be automatically redirected to the website.

What Benefit is This to Me?

Hackers attempting to collect information from us may use a form of deception called TypoSquatting or URL Hijacking which occurs when they pose as a legitimate company, but use URLs that are similar to the actual company, for example facebookk.com instead of facebook.com or gooogle.com instead of google.com.

Websites with user generated content may also be subject to link protection, for example googlegroups.com will have link protection applied whereas content from google.com will not.

MENU
CLOSE X Technology