Notes on hoaxes
The address from which spam and virus messages are sent is almost never what appears in the "From" line of the message header. Usually the "From" address is invalid or non-existent, but sometimes the message appears to come from a real address. This can be an embarrassment to the real owner of the address, and can also confuse the recipient. If your address is used in a forged "From" line, you may well receive confusing error messages (as described in the second section of this note).
Common hoaxes
Common hoaxes include:
- Messages that appear to come from a high street bank which ask you to go to a phoney web-site and enter confidential information. Most banks and other financial institutions can be affected by this form of "phishing".
- Messages which appear to come from addresses within St Andrews, sometimes from official-sounding addresses such as "admin@st-andrews.ac.uk".
- Messages which seem to come from Microsoft technical support, suggesting you should open an attached "update" file, which in fact contains a virus.
In all the above cases, a forged "From" address helps to put you off your guard.
The hoaxes listed above are just examples. New hoaxes are appearing all the time, so you should be on your guard against anything like the examples given here. Never divulge confidential details or click on links or open files, unless you know that the message you are responding to is genuine.
The possibility of forged addresses also means that you should take care before accusing someone of sending spam. The "From" line in the message header is NO evidence as to where the message comes from.
To tell where a message comes from you need to display and interpret the full headers. The IT Service Desk can help you interpret the full header information.
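As an added illustration of reading the full headers (this is not part of the original note and is not a University tool), the Python below walks the "Received" lines of a constructed message from newest to oldest and finds the point where an outside host handed the message to a mail server you trust. The sample message, the host names mailhost.example.org and mx.example.org (stand-ins for your own mail servers) and the function names are all assumptions made for the example.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message, not real traffic. The example.* names and the
# 192.0.2.x / 198.51.100.x addresses are reserved for documentation use.
SAMPLE = """\
Received: from mx.example.org (mx.example.org [192.0.2.10])
\tby mailhost.example.org with ESMTP id A1; Mon, 1 Jan 2024 10:00:02 +0000
Received: from unknown-host.example.net (unknown-host.example.net [198.51.100.77])
\tby mx.example.org with SMTP id B2; Mon, 1 Jan 2024 10:00:01 +0000
From: "Admin" <admin@st-andrews.ac.uk>
To: user@example.org
Subject: Account notice

Body text.
"""

# Assumes the common "from HOST (NAME [IP]) by HOST" layout; other layouts
# are skipped rather than guessed at.
RECEIVED_RE = re.compile(
    r"from\s+(\S+)\s+\(.*?\[([0-9a-fA-F.:]+)\]\)\s+by\s+(\S+)", re.S)

def received_hops(raw):
    """Return hops newest-first as (from_host, from_ip, by_host) tuples."""
    msg = message_from_string(raw)
    matches = (RECEIVED_RE.search(v) for v in msg.get_all("Received", []))
    return [m.groups() for m in matches if m]

def handoff_to(raw, trusted_hosts):
    """Return the hop where an outside host passed the message to a trusted
    server. Lines older than this were written by systems you do not control
    and can be forged just like the "From" line."""
    for from_host, from_ip, by_host in received_hops(raw):
        if by_host in trusted_hosts and from_host not in trusted_hosts:
            return from_host, from_ip, by_host
    return None

def from_matches_origin(raw, trusted_hosts):
    """True if the handing-off host belongs to the "From" domain. A mismatch
    is a reason to look closer, not proof of forgery: genuine senders often
    use third-party mail services."""
    domain = parseaddr(message_from_string(raw).get("From", ""))[1]
    domain = domain.rpartition("@")[2].lower()
    hop = handoff_to(raw, trusted_hosts)
    if hop is None or not domain:
        return False
    host = hop[0].lower()
    return host == domain or host.endswith("." + domain)
```

For the sample above, the message claims to be from a st-andrews.ac.uk address but was handed to the trusted server by unknown-host.example.net, so `from_matches_origin` returns False.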
The majority of spam messages have completely spurious and random "From" addresses which vary from message to message. For this reason filters which rely on the "From" header are unlikely to be effective.
Spurious error messages
It may happen that a spam message or virus is sent out using your address as the "sender". You should not worry about this possibility. It is now widely known that the "From" line in the mail header cannot be relied upon, so you will not be held responsible for spam or viruses that have your address as the sender.
However, some spurious error messages may well be sent to you as a result of spam or viruses which appear to have been sent by you. For example, the error message reporting that a message has not been delivered is usually sent to the address that appears in the "From" line. The same is true of messages that are automatically sent by mail-scanning software when a virus is detected: often this will be sent to the address in the "From" line.
As a result, if your address has been used in spam or virus messages you may well find yourself receiving a number of error messages relating to emails which you know full well are nothing to do with you. In some cases the number of such spurious error messages can be quite large.
If you receive these spurious error messages you should not worry. If the only indication of anything wrong is that you have received spurious error messages, then you should take no action. Just delete the error message and forget about it.
Here is a checklist of questions you should ask yourself if you receive one of these spurious error messages:
- Is your anti-virus software up-to-date? If not, you should update it and then carry out a full scan of your hard disk. If it turns out that you have a virus, you should of course take action to disinfect your machine.
- Are you experiencing any other unusual behaviour on your PC? If so, you should consider the possibility that you have a virus. Carry out a full scan of your hard disk, and consult the virus alert web pages to see if there are any relevant warnings. If in doubt, contact the IT Service Desk.
- If your anti-virus software is up-to-date and you are experiencing no other suspicious behaviour, you should ignore these spurious error messages. Only report these messages if you have some other reason to believe that something is wrong.
