Junk email, phishing and tips to keep you safe - Nuffield College Oxford University

Reducing junk e-mail

There are several ways in which you can reduce the number of junk emails you receive, but a filter is automatically applied by Oxford University IT Services and Microsoft (the providers of Office 365):

Use your email client to filter messages based on criteria that you set

Most e-mail clients have the capacity to identify messages sent from particular people, places or those containing specific words or phrases. This allows you to filter your incoming mail and help to reduce unwanted e-mails or 'spam' from getting into your inbox. For instance, you can move all incoming mail from your friend into its own folder. Or you could set a rule to delete messages from particular people or organizations. For specific instructions please look at the help pages for your particular client (MS Outlook Web App). If you cannot find them or you need further help please contact us.

Use your email client to filter messages based on the central IT Services' spam level rating

Mail filtering is provided by central IT Services on their Oxmail servers. To help you filter out any unwanted emails IT Services adds information to the headers of all mail messages categorising them by the likelihood that the email is spam. They do this by assigning each message a number of stars (the X-Oxmail-Spam-Level) whereby the higher the number of stars, the greater the chance that the email is spam. You can take advantage of this system by setting a rule on your email client to filter out messages with a certain number of stars. By defining the number of stars in your rule you can choose which messages get through to your Inbox and which are filtered into a junk or spam folder. Most legitimate messages will be rated under 5 so we suggest that you start with between 5 to 8 stars and adjust them as necessary. For further information and instructions on how to configure your email client to filter messages based on the IT Services spam level rating please see section 8 of this page. If you cannot find instructions for your client or you need further help please contact us.

Phishing Email

You may find the following site useful regarding how to identify phishing emails https://help.it.ox.ac.uk/email/phishing/index

Phishing is a practice usually trying to tempt you in to typing information such as your username and password into fake sites so that they can get into your accounts and do bad things, such as get your bank details, distribute 'malware' or turn your email account into a spamming site.

Nexus Quota Warnings: a common phishing approach

Due to the very large mailbox quota (50GB) provided, you should not receive any emails about reaching your quota limit.

Spear Phishing (a particularly sophisticated type of phishing)

Please be extra cautious of following instructions in emails, even when they appear to come from someone in College. Look at the writing style of them: does the email look like it was written by your colleague? It's easy to fake the sender of an email. It's also easy to get names of people at College and pretend to be sending as them.

Be extra careful if you're asked to open an attachment, or make a payment, or add something to a spreadsheet. Never, ever, give your username and password away.

Other tips

Avoid replying to mails with REMOVE in the subject line

Messages you receive may include instructions (such as to reply with REMOVE in the subject line) on how to remove yourself from future mailings from the individual or organisation. Unfortunately, many senders include these instructions in order to try to confirm that they've reached a working email address, not to remove you from mailings. Unless you are unsubscribing from a mail distribution list that you signed up for or you know the message sender, the best practice is to discard these messages without responding. Some messages contain a phone number to call, but many contain no information on how to stop future mailings. Often if you reply to these messages, you find that the return address or phone number is invalid or is that of someone other than the real sender.