UAB Information Security recently discovered a new spam campaign in which users are tricked into opening an email attachment that contains a virus aimed at stealing passwords and financial information. As with any suspicious email message you may receive, please report these messages for inspection.

The recent spam email messages are crafted to look like they came from one of several legitimate companies such as Chase Bank, the Better Business Bureau (BBB), Department of Treasury, Dun & Bradstreet Financial Services or a wire transfer company. You should be aware that these emails are forged and that none of the information included in the email can be trusted, including embedded links, e-mail addresses or phone numbers.

Here are some of the common email subject lines we have seen in this spam campaign:

•  FW: Company 2013 Report

•  Incoming Wire Transfer Notification

•  D&B iUpdate: Company Order Requested

•  Department of Treasury Notice of Outstanding Obligation – Case ######

•  Better Business Bureau Complaint Case #######

•  Merchant Billing Statement

•  ACTION REQUIRED: A document has arrived for your review/approval (Document Flow Manager)

No anti-spam technology is 100 percent effective. If a spam or phishing message gets through the spam filter, you can report it to AskIT and we will use it to help improve the spam service.

Please note that these instructions refer to the original spam message. The instructions must be followed by the recipient of the original spam message. Forwarded copies are often unusable regardless of how they are saved. Follow the instructions below to save a copy of the message in its original format. Note: Some versions of Outlook offer two options to save an .msg file - one is "Outlook Message Format," the other is "Outlook Message Format - Unicode." You should not select the Unicode format, as this could cause problems when you save and submit the file.

Microsoft Office Outlook 2007/2010

  1. Open Microsoft Office Outlook.
  2. Double-click to open the email message that you want to save.
  3. From the File menu, select Save As.
  4. The Save As pop-up window displays. Select Outlook Message Format from the Save as Type drop-down list.
  5. Select the folder in which you want to save the message. Note: the file name is provided by default. You can change this if you would like.
  6. Click Save. The message is saved with an .msg file extension.
  7. Right-click the saved .msg file(s), and click 'send to compressed folder' (.tar, .tar.gz, and .zip formats are acceptable). Note: You must compress the file before sending it as an attachment.
  8. Create a new mail message and send the saved message as an attachment to AskIT with a subject of "Spam Report."

Microsoft Outlook Express

  1. Open Microsoft Outlook Express.
  2. Double-click to open the email message that you want to save.
  3. From the File menu, select Save As.
  4. The Save Message As pop-up window displays. Select Mail (*.eml) from the Save as type drop-down list.
  5. Select the folder in which you want to save the message. Note: the file name is provided by default. You can change this if you would like.
  6. Click Save. The message is saved with an .eml file extension.
  7. Right-click the saved .eml file(s), and click 'send to compressed folder' (.tar, .tar.gz, and .zip formats are acceptable). Note: You must compress the file before sending it as an attachment.

Apple (Mac) Mail

  1. Select the message you want to save.
  2. From the File menu, select Save as ...
  3. In the pop-up window, select the format Raw Message Source.
  4. Save with a file name including a .txt or .eml extension.
  5. Right-click the saved .txt or .eml file(s), and click 'send to compressed folder' (.tar, .tar.gz, and .zip formats are acceptable). Note: You must compress the file before sending it as an attachment.

Other Mail User Agents

Save the email that you want to report as a text file. Make sure that the message is as close to its original format as possible. Your mail client might allow you to save rendered text as well as the original source; it is the original "raw source" that is needed. Make sure the original email headers are intact and included in RFC-822 format. Typical file name extensions are .eml and .txt.
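
The check below is an added example, not part of the original instructions or any UAB tooling: it tests whether a saved file still carries the original RFC-822 headers and, if so, zips it unchanged for submission. The list of required headers, the file names and both sample messages are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes

# Constructed sample: raw source saved from the mail client, headers intact.
RAW_ORIGINAL = (
    b"Received: from mail.example.net (mail.example.net [192.0.2.10])\r\n"
    b"\tby mx.example.edu; Wed, 19 Sep 2012 08:15:02 -0500\r\n"
    b"Message-ID: <constructed-1@example.net>\r\n"
    b"Date: Wed, 19 Sep 2012 08:14:58 -0500\r\n"
    b"From: \"Billing\" <billing@example.net>\r\n"
    b"To: user@example.edu\r\n"
    b"Subject: Merchant Billing Statement\r\n"
    b"\r\n"
    b"Please see the attached statement.\r\n"
)
# Constructed sample: rendered text of a forwarded copy, transport headers lost.
RENDERED_COPY = (
    b"---------- Forwarded message ----------\r\n"
    b"From: Billing\r\n"
    b"Subject: Merchant Billing Statement\r\n"
    b"\r\n"
    b"Please see the attached statement.\r\n"
)

# Assumption of this example: headers an analyst needs to trace the message.
REQUIRED = ("Received", "Message-ID", "Date", "From")

def missing_headers(raw: bytes) -> list:
    """Return the required headers absent from the saved message's header block."""
    msg = message_from_bytes(raw)
    return [h for h in REQUIRED if msg[h] is None]

def package_report(name: str, raw: bytes) -> bytes:
    """Zip the raw message byte-for-byte; refuse copies that lost their headers."""
    missing = missing_headers(raw)
    if missing:
        raise ValueError(f"{name}: not original raw source, missing {missing}")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(name, raw)
    return buf.getvalue()
```

The forwarded copy fails because its first line is not a header, so the parser treats the whole file as body text and finds no header block at all.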

Published in FAQ - Infrastructure
September 19, 2012

Spamblocker

Spamblocker Features Summary

UAB's Spamblocker service protects all users of Central Exchange and all @uab.edu email addresses. The following is a brief summary of the features provided by this service. For more information, please refer to the Spamblocker User Instructions.

The Spamblocker service classifies messages as "Adult Spam," "Definite Spam," "Possible Spam," or "Not Spam". All users are protected from spam on a default level preset by the Information Security department. If users choose to do so, they can select one of the three other policy settings. The Aggressive policy automatically deletes "Adult Spam" and "Definite Spam", while "Possible Spam" is sent to quarantine and "Not Spam" is sent to the user's inbox. The Cautious Plus policy (same as the Default policy) automatically deletes "Adult Spam", while "Definite Spam" and "Possible Spam" are sent to quarantine and "Not Spam" is sent to the user's inbox. The Cautious policy sends "Adult Spam", "Definite Spam" and "Possible Spam" to quarantine, while "Not Spam" is sent to the user's inbox. Users can choose to opt out altogether, allowing all messages of any classification to be sent to their inbox. All policies and their effect on spam are summarized in the chart below:

 

Spam Results

| Policy | Adult Spam | Definite Spam | Possible Spam | Not Spam |
| --- | --- | --- | --- | --- |
| Default* | Discarded | Discarded | Quarantined | Inbox |
| Aggressive | Discarded | Discarded | Quarantined | Inbox |
| Cautious Plus | Discarded | Quarantined | Quarantined | Inbox |
| Cautious | Quarantined | Quarantined | Quarantined | Inbox |
| None | Inbox | Inbox | Inbox | Inbox |

*The "Default" policy is equivalent to the "Aggressive" policy.

The following is a list of new spam blocking features, and a brief description:

Digest Email - Users will receive a daily email digest listing all emails being held in Quarantine from the previous day. It will appear in their inbox. If ignored, quarantined messages will be automatically deleted after 7 days. *Note: If the user does not wish to receive the digest daily, there is an option to turn off this feature. The following actions can be taken from the digest email:

  • View a message that is sent to Quarantine.  The user will be prompted to log into the Spamblocker program prior to viewing the message.
  • Release a message from Quarantine and send to the user's inbox.
  • Safelist a message if a user chooses to add a sender to the Safe Senders List.  The system will then recognize the address as safe and forward any future emails from this address to the user's inbox.
  • Not Spam allows the system to recognize that the message is legitimate, and comparable messages sent in the future should not be marked as spam.
  • Request a New End User Digest allows users to receive an updated copy of their digest.
  • Request a Safe/Blocked Senders List allows users to receive a message listing email addresses and domains that are in their Safe Senders List and Blocked Senders List.
  • Manage My Account takes the user to the Spamblocker login screen where they can log in to manage their lists, profile and quarantine.

Lists - From this section, users can view and manage their Safe Senders List and Blocked Senders List.  Lists give the user the additional functionality of managing email from specific email addresses.  To view either of the lists, click the link in the left side navigation bar on the User Account screen.  From both the Safe Senders List and Blocked Senders List, the user can take the following actions:

  • Logout - Logs users out of their Spamblocker account.
  • New - Allows users to enter an address to be added to a list.
  • Edit - Allows users to edit a selected sender's email address.
  • Delete - Allows users to delete the selected email addresses from a list.
  • Lists - Helpful functions that allow users to Select All of the email addresses, Unselect All of the email addresses, Request Digest be emailed to them or Refresh the Quarantine list view.

Profiles (Spam Blocking Policies) - From this section, users can edit their Settings and Account.  To view either of these, click the link in the left side navigation bar on the User Account screen. 

  • Settings allows users to change functions in Spamblocker that will affect what email is blocked and the receipt of a daily digest. *Note: Users only need to take action if they wish to change their default settings. Users may perform the following functions:
      1. Send digest with new messages in my Spamblocker - End User Digest - The default setting is that users will receive an End User Digest daily each morning. If the user does not wish to receive the digest, they should deselect this option and select Save to finalize.
      2. Send digest even when I have no messages in my Spamblocker - End User Digest - By default, users will not receive an End User Digest if no emails have been classified as spam during the previous day. If the user wishes to receive a digest even though there are no new spam emails, they should choose this option and select Save to finalize.
      3. Preferred Language - The default language is English. If the user wants to change the language, they should choose the appropriate language and select Save to finalize.
      4. What type of spam detection do you want? Please select a policy from the list below. - Users are initially set to the Default policy. Users do have the option to switch policies. If users change the current policy, they must select Save to finalize.
  • Account allows users to see which of their email aliases are being protected by Spamblocker. If you have an account that is not listed, please contact AskIT by email, or phone at 205-996-5555. The user may perform the following functions:
      1. Logout - Logs users out of their Spamblocker account.
      2. Lists - Helpful functions that allow users to Request Digest be emailed to them, or Refresh the displayed list.

To make changes to your new SpamBlocker profile, please go to https://spamblocker.ad.uab.edu:10020/.

Please feel free to contact us with any questions through our help desk, AskIT, by email or phone at 205-996-5555.