Search Information Security site

 

Main menu

About SPAM


What is spam?

Spam email can be defined as unsolicited and unwanted email messages. You may receive this type of email from someone you know or from a complete stranger. Although the messages may be harmless and/or  contain ads, notices of philanthropic opportunities, humor, etc., they may also be malicious phishing or spear phishing messages, which attempt to trick you into clicking a malware-laced link, divulging your login and password, as well as personally identifiable information (PII). Such emails can also contain malware in the form of an attachment or document that you click on or download to your computer.  We recommend you review our webpage on how to recognize phishing emails 

Spam that appears to originate from within UVA

If the message originates from University resources, or the sender appears to be someone at U.Va., the IT-Abuse Team needs to know about it. Although message headers can be forged to make it falsely appear that the message originated at UVA., the IT-Abuse Team can examine the message to verify its source.  If you think you need to respond to the email, do NOT reply to it.  Instead, first try contacting the sender using the email or phone number you have for them or use the UVA Internal People Search to get their phone number and email. Then use one of these to contact them to confirm they sent the email and it's legitimate. Again, do  not reply to the email, that email address is likely not going to who you think the sender is anyway - it's going to the scammer. 

Please forward the message you received with full headers (this helps with investigations) to [email protected]. The links below show you how to find the full headers, which depend on the email client (Outlook, Eudora, CMS, Gmail, etc.) you use to read your mail.

Finding email message headers

If you use an email client not listed above, call the UVA Help Desk at 434-924-HELP (4357) for assistance.

Do not reply to the sender, or click on any links in the message. We recommend you also check the Information Security Alerts and Warnings page to see if the message has been reported.

What you can do with spam that appears to originate from outside UVA

Deleting spam is the best course of action for messages originating outside U.Va. Do not reply to the sender, or click on any links in the message. Do not open any attachments, as they may contain viruses or other malware. You might also check the Information Security Alerts and Warnings page to see if the message has been reported. Please do not send reports of these messages to the IT-Abuse team.  
 If you think you need to respond to the email, do NOT reply to it.  Instead, first try contacting the sender using the email or phone number you have for them, such as the 800 number on your credit card,  to confirm they sent the email and it's legitimate. Again, do  not reply to the email, that email address is likely not going to who you think the sender is anyway - it's going to the scammer. 

If you receive an email message that appears to be a phishing or spear phishing attempt, please send a copy of the message with full headers (this helps with investigations) to the IT-Abuse team.

What UVA does to stop spam

All email accounts receive spam messages. To mitigate this problem, UVA uses Fortinet, a highly effective emall security solution, and Office 365 anti-spam technology.

These antispam services are:

  • Provided automatically for faculty and staff with email accounts on the UVA Exchange Service. These services are also automatic for messages sent to a faculty or staff primary email address (for example, [email protected]).  
    • In addition, ITS has deployed a Microsoft Outlook tool that: (1) Helps you manage junk and phishing email coming, (2) Enables you to easily report misclassified email and phishing email, and (3)
      Trains Outlook to spot these types of messages and send them to your junk folder in the future. 
  • Provided for students on student email accounts with UVA-contracted vendors, in addition to the excellent anti-spam services provided by the vendors themselves.

Report an Information
Security Incident

Please report any level of incident, no matter how small. The Information
Security office will evaluate the report and provide a full investigation if appropriate.

Complete Report Form