Learn how BC fights spam, how to prevent email viruses, and how to report electronic abuse.
Phishing, Spam & Viruses
Phishing occurs when a person attempts to steal personal information or install malicious software on your computer with the intention of stealing money or personal information from you. Cybercriminals can do this in a number of ways, all of which require some action on your part. They might email you, call you on the phone, post a link on your Facebook wall, or convince you to download something off a website. The best way to protect against phishing scams is to know the signs.
Think You've Been Compromised?
Report a Security Incident
If you think you’ve been the victim of a phishing email, email security@bc.edu to report it. A member of the IT Security team will follow-up with you.
Protect Your Account
- Change your BC Password and BC Gmail Passwords. Phishing emails often target your credentials so they can access your email account, or your BC account, and gain access to your private data. Change your passwords, and take away their access.
- Change other passwords. If you use your BC passwords on any other accounts, change those passwords as well.
- Log out of all other Gmail Sessions. If a bad guy got a hold of your BC Gmail login, they may be logged into your account. Kick them out! In the bottom right corner of Gmail, click Details and then Sign out all other web sessions.
- Check your Sent Mail folder. Bad guys often use compromised email accounts to send malicious messages to others in your contacts. If you see emails were sent from your account which you did not send, this would confirm your account has been compromised, and will let you know who has received an email from your account.
- Check your mail forwarding settings. Bad guys often enable mail forwarding, so messages sent to your email will be forwarded to an account of their preference. Disable unwanted email forwarding by going to Settings > Forwarding and POP/IMAP > Disable forwarding > Save.
- Check your Google email settings and remove any suspicious accounts. Go to Settings > Accounts > Send Mail As.
- Scan your computer for malware or viruses.
- Turn on 2-Step Verification for BC Gmail. If you have already done so, add an extra layer of protection to your BC Google account.
Spam email has rapidly become a critical problem for all email service providers, both public and private. Boston College ITS has implemented policies and technologies to protect the BC email system.
How BC Fights Spam
- BC Spam Quarantine Service: BC uses a Spam Quarantine Service that blocks and quarantines messages it identifies as spam. Items are not delivered to email accounts.
- BC email users are required to enter their password to send email. This prevents computer viruses from sending large amounts of spam email from affected computers.
- BC continuously evaluates new technologies to leverage against spam.
Spam Reduction Tips
- Keep your operating system and antivirus software up-to-date.
- When you receive unwanted email, do not reply to it, click links in it, or click “Remove me" links unless you can verify their authenticity. If you know the sender to be legitimate, proceed to the sender's website, which should contain the option to unsubscribe from the mailing list. Even if an email containing links appears to be from someone you know, verify the legitimacy of any links with the sender.
- Use caution when disclosing your email address. The more locations your email is recorded, the more likely you are to receive spam. Read the fine print, especially privacy policies, when signing up for online services. Consider establishing a second free email account with Google, Hotmail, or similar provider, and using that second address for your online shopping and commercial needs.
- Be skeptical. Educate yourself. Spammers go to great lengths to get their messages through and often try to deceive you. Be skeptical and be careful.
Spam Quarantine Service
ITS uses a spam blocking service to prevent spam or junk email from reaching students, faculty, and staff. This service quarantines email messages it identifies as spam. ITS is confident that quarantined messages will indeed be junk. However, if you find a legitimate message was quarantined, please contact the Technology Help Center at help.center@bc.edu. ITS continually updates rules on spam filters to help prevent new spam from reaching your email.
Students can't log in to the service. If you're a student and suspect a legitimate message was quarantined, please contact the Technology Help Center at help.center@bc.edu.
Steps to Protect Yourself
- Do not download or open any unknown files that are attached to an email; they could be viruses. If you are unsure, err on the side of caution, and do not open the attached files. Important: If you must download an attached file to an email, make sure to save it and scan it for viruses before you open it.
- Remember to keep your virus protection updated by setting antivirus software to auto-update. Also, be careful not to "cancel" out of auto-update if it tries to run when you are using your computer. Note: All BC-owned computers have virus protection software set to auto-update.
- Turn off macros in Microsoft Word, Excel, and Powerpoint. There is a widespread set of viruses known as macro viruses. These are viruses designed to run when you open a Microsoft Office product such as Word. If macros are turned off, it is unlikely that a virus will be able to launch itself and do harm to your computer.
Reporting an Email Virus
If you get a virus from an infected file:
- Inform the person you originally got the infected file from.
- Inform people who have access to the file on the network.
- Inform anyone that you emailed the infected file to.
Please do not send a warning to everyone you know. ITS can propagate such messages in an efficient manner, and these sorts of warnings can cause other problems.
Electronic Abuse
While Boston College strives to provide an open computing environment to foster collaboration and learning, there are policies defining appropriate use of the BC network and computing resources, such as email. Before reporting electronic abuse, make sure you are familiar with BC's computing policies and guidelines.
Examples of Electronic Abuse and Appropriate Action to Take
- Your system/server has been or is being attacked: Report the abuse immediately and do not make any changes to the system until you hear from the ITS security team on campus. You may accidentally remove vital information that can be used as evidence.
- You received offensive or threatening email or voicemail: Do not delete the offensive message as it can be used as evidence.
- You suspect someone knows or is using your BC password: Report the compromise immediately with any substantiating evidence. Change your password immediately.
- You are aware of software copyright violations at Boston College.
Report Electronic Abuse
Send an email to abuse@bc.edu describing the electronic abuse. You must show the full message headers of any email message that you are forwarding. Do not delete the email from your inbox until you have heard back from us.
Encrypted Email with Virtru
If you need to send confidential emails as part of your job, you may want to consider requesting Virtru. Virtru is an email security tool that allows you to:
- encrypt emails
- prevent a forwarded encrypted email from being read
- set a read expiration date on encrypted messages
- and revoke the ability to read an email after it is sent
Getting Started with Virtru
If you think you may need this service, contact your Technology Consultant. Once approved, install Virtru for Gmail or Outlook.
Email recipients do not need to install Virtru to read or respond to your email. Recipients of an encrypted email will not be able to access the message directly from their inbox. Rather, they will be prompted to "unlock" the message, and verify their email address.
ITS recommends you inform your recipients to expect an encrypted email, since they will be prompted to take extra steps to unlock the message. The best way to do this is to add a customized intro to your message. Be sure to include information that only your recipient would know, or write it in such a way that they know it's really you.
Partially. You can install the Chrome plug-in, which will allow you to decrypt and respond to any Virtru messages sent to you. However, you will not be able to initiate a Virtru encrypted email.
Domain-based Message Authentication, Reporting, & Conformance (DMARC)
As part of an ongoing effort to combat phishing scams and increase email security, the Information Technology Services department is implementing the Domain-based Message Authentication, Reporting & Conformance (DMARC) protocol. BC ITS can use DMARC to protect messages sent from authorized BC senders and stop messages from unauthorized ones. By default, authorized BC senders include all students, faculty, and staff sending messages from actual BC Gmail accounts.
BC Implementation of DMARC
The tricky part is that enabling DMARC in our current technological environment would actually prevent many legitimate messages from reaching recipients, in addition to stopping unauthorized ones. This is because many departments at BC use non-BC tools which can send emails that appear to be from “@bc.edu” email accounts but are not sent from an actual BC Gmail account. These tools include email marketing tools and other third-party applications, such as:
- Email marketing tools: Mail Chimp, Constant Contact, Salesforce, etc.
- Third-party applications: Qualtrics, ZenDesk, AutoDesk, and Cashnet
These tools must all be made DMARC compliant by working with the vendors to ensure your accounts are set up in a way that meets the DMARC requirements.
What Do You Need to Do?
If you use an email marketing tool or a third-party application to send emails that appear to be from bc.edu email accounts, please let us know by filling out the DMARC Google form below. We will use this information to determine if any action is needed to ensure your emails reach their intended audiences after DMARC is turned on.
For security reasons, we may need to enable DMARC in the next 6-18 months, so verifying your tools are compliant beforehand will ensure they continue to work once DMARC is enabled.