Spam filters and street smarts keep computing safe

The messages threatening “termination,” “cancellation,” or “violations” pile up in virtual inboxes across the University, sometimes 10 a day. “Dear eBay member,” one reads. “It has come to our attention that your eBay billing informations are out of order. Please folow the instructions to update your billing records you will not run into any future problems with the online service afther this update.”

Messages like this one — rife with grammatical and spelling errors — are easily identified as hoaxes, says Jim Stone, the director of consulting services in the Office of Information Technology. But as spammers and spoofers — who send out such e-mails in the hope of obtaining personal information such as birth dates and social security numbers — grow increasingly advanced, the threat of identity theft grows.

“The attempts are getting far more sophisticated,” says Richard Sharp, the OIT associate director of consulting services. “They used to be very easy to spot, but now they’re pretty good.”

The best defense against falling victim to e-mail scams is common sense, but the University’s Personal Computing Support Center (PCSC) offers helpful guidelines to identify and filter spam and spoofs before they hit your inbox. While it’s impossible to eliminate spam, Stone says — “because the spammers are always in a race, trying to fake out the anti-spamming and tagging software” — it is possible to reduce the amount received and recognize it when it slips through the cracks.

All outside e-mail sent through the University’s central e-mail system — anything that goes to an address ending in “@bu.edu” — is assessed by an identification program called SpamAssassin, which tags each e-mail with a number that indicates the likelihood that it is spam. The tags don’t filter spam themselves, but most e-mail clients can be configured to recognize the tags and sort or block spam accordingly. The PCSC provides instructions for using filters with Horde, Outlook, Outlook Express, Entourage, Mozilla Thunderbird, Mac OS X Mail, Eudora, Pine, and SilkyMail; Stone says that Horde, Outlook, Mac OS X Mail, and Mozilla Thunderbird are all particularly effective.

When unwanted e-mails do appear, however, there are a few rules to follow: don’t click on links in unfamiliar e-mails, and never provide personal information over the Web unless you are sure you can trust the site. PayPal and eBay are both frequently used aliases, Stone says, as is Citibank, but even people who have accounts with the companies shouldn’t be tempted to believe the hoaxes. “Anything that says ‘Your account has been terminated or suspended until you verify your account information’ ” is probably fake, he says. “Banks don’t do that. The thing to do is go to eBay and log onto your account, and if you can’t, call eBay, as opposed to doing what this e-mail says and entering all your private information.”

When in doubt, Stone says, paste a line from the e-mail into Google and find out if it has been identified as a fraud. And if the message’s origins are really unclear, send it to the PCSC at pcsc@bu.edu for confirmation.

“I think people are more and more knowledgeable about this as every year goes by, because you do see identity theft in the news much more than ever before,” says Stone. “But I also do think there are people who are naïve about these things and could be at risk.”