CISO Memo: Spam, Spam, Spam, Spam

Do you like spam?  Of course I’m talking about unsolicited bulk mail, and not the canned food.  That could be a whole other message, which perhaps I’ll address in a future memo. I have a feeling that no one answered yes to my question. No one likes electronic spam, and yet we need to learn to live with it, as it will continue to direct itself to our in-boxes.

Did you know that most of the email around the world is actually spam?  While there have been periods where the percentage was consistently over 90%, in recent years the numbers have been between 85% and 90%, thanks to the more rapid shutting down of botnets, which are responsible for most of the spam traffic.  Brown is not immune to this phenomenon, as these same percentages are seen in messages coming to the Brown domain.

The good news is that a high percentage of them never reach your email box, and many of those that do are still identified as spam and sent to the spam folder.  I’m sure we all agree that we would not want to sift through that many messages to find the real mail in our box.  Compare yourself to Bill Gates, who receives approximately four million messages per year. Imagine going through all those messages each day to find the 1,000 legitimate ones if spam filters did not work!

Spam is not only a nuisance, but it can be malicious in nature, especially if it is also a phishing email.  Brown has recently been the victim of several phishing attacks, through which some of our community have fallen victim.  Not only does this place the victim’s personal information at risk, but it also propagates the phishing scam deeper throughout our community via the person’s contact list.  The Information Security Group and the CIS Help Desk work quickly in identifying the compromised account, and aid the victim in stopping the attack.  This is all part of our mission here at Brown.  Still, we wish to get to the point where no one in the Brown community falls for a phishing scam.  You can learn tips to help you spot a phish by visiting the ISG Phishing Primer here.

As this is October, and once again Brown is participating in National Cyber Security Awareness Month, we will also be hosting a brown bag on 10/10/13 entitled “Don’t Get Caught…by a Phishing Phony”.  Learn about this, and all of the activities of the month at www.brown.edu/go/cybersecurity.

As always, I welcome your comments and feedback.  Please feel free to reach out to me directly at david_sherry@brown.edu, or the group at ISG@brown.edu.  Let me know how we are doing, areas of concern you may have, or questions on protecting your identity or personal computing security.  And remember, sec_rity is not complete without U!