Learn about email security including identifying fraudulent emails, email encryption, Google 2-Step, and more.

Identify & Report Fraudulent Emails

How to Identify Fraudulent Emails

Cyber criminals use compelling email messages to trick you into clicking a link, downloading an attachment, or replying to an email. Once you have reacted to their message, they steal sensitive information or install malicious software on your computer.

When interacting with email, do not rely on any single approach to identifying a scam, know all the possible signs (especially #4):

Print

What to do if you receive a fraudulent email

  • Do not reply to the email, or text/call any phone numbers included in the email.
  • Do not click on any links听 or attachments in the message.
  • If possible, in Gmail, click the three dots in the upper right corner and select, 鈥淩eport phishing鈥 or 鈥淩eport spam.鈥澨
  • Forward it to phishing@bc.edu.

Think You've Been Compromised?

Report a Security Incident

If you think you鈥檝e been the victim of a phishing email, email听security@bc.edu听to report it. A member of the IT Security team will follow-up with you.

Protect Your Account

  1. Change your 涩里番下载 Password and 涩里番下载 Gmail Passwords.听Phishing emails often target your credentials so they can access your email account, or your 涩里番下载 account, and gain access to your private data. Change your passwords, and take away their access.
  2. Change other passwords. If you use your 涩里番下载 passwords on any other accounts, change those passwords as well.
  3. Log out of all other Gmail Sessions. If a bad guy got a hold of your 涩里番下载 Gmail login, they may be logged into your account. Kick them out! In the bottom right corner of Gmail, click Details and then Sign out all other web sessions.
  4. Check your Sent Mail folder.听Bad guys often use compromised email accounts to send malicious messages to others in your contacts. If you see emails were sent from your account which you did not send, this would confirm your account has been compromised, and will let you know who has received an email from your account.
  5. Check your mail forwarding settings.听Bad guys often enable mail forwarding, so messages sent to your email will be forwarded to an account of their preference. Disable unwanted email forwarding by going to Settings > Forwarding and POP/IMAP > Disable forwarding > Save.
  6. Check your Google email settings and remove any suspicious accounts.听Go to Settings > Accounts > Send Mail As.
  7. Report the email as phishing in Gmail. Learn .
  8. Scan your computer for malware or viruses.

Email Security

Electronic Abuse

While 涩里番下载 strives to provide an open computing environment to foster collaboration and learning, there are policies defining appropriate use of the 涩里番下载 network and computing resources, such as email. Before reporting electronic abuse, make sure you are familiar with听涩里番下载's computing policies and guidelines.

Examples of Electronic Abuse and Appropriate Action to Take

  • Your system/server has been or is being attacked: Report the abuse immediately and do not make any changes to the system until you hear from the ITS security team on campus. You may accidentally remove vital information that can be used as evidence.
  • You received offensive or threatening email or voicemail: Do not delete the offensive message as it can be used as evidence.
  • You suspect someone knows or is using your 涩里番下载 password: Report the compromise immediately with any substantiating evidence. Change your password immediately.
  • You are aware of software copyright violations at 涩里番下载.


Report Electronic Abuse

Send an email to abuse@bc.edu听describing the electronic abuse. You must show the full message headers of any email message that you are forwarding. Do not delete the email from your inbox until you have heard back from us.

Encrypted Email with Virtru

If you need to send confidential emails as part of your job, you may want to consider requesting Virtru. Virtru is an email security tool that allows you to:

  • encrypt emails
  • prevent a forwarded encrypted email from being read
  • set a read expiration date on encrypted messages听
  • and revoke the ability to read an email after it is sent

Getting Started with Virtru

If you think you may need this service, contact your Technology Consultant. Once approved, install Virtru for Gmail or Outlook. 听

Print

Domain-based Message Authentication, Reporting, & Conformance (DMARC)

As part of an ongoing effort to combat phishing scams and increase email security, Information Technology Services (ITS) implemented the Domain-based Message Authentication, Reporting & Conformance (DMARC) protocol.听涩里番下载 ITS uses DMARC to protect messages sent from authorized 涩里番下载 senders and to stop messages from unauthorized ones. By default, authorized 涩里番下载 senders include all students, faculty, and staff sending messages from actual 涩里番下载 Gmail accounts.

Messages not sent from DMARC-compliant senders (see below for a list of DMARC-compliant senders) are rejected. This means messages sent from non-complaint senders will not reach any recipient, not even their spam folder. ITS blocks around 10,000 to 20,000 emails on an average day.

DMARC-Compliant Senders

If you are sending from any one of these, these messages will go through:

  • 涩里番下载 Google account
  • Listserv.bc.edu
  • 涩里番下载 bulk mailer (Maestro)
  • 涩里番下载 servers/devices that send mail through relay.bc.edu or eblast.bc.edu (this includes most, if not all, apps/services in the data center)
  • Qualtrics
  • CVENT

Additionally, a variety of email marketing, survey, and other tools are also DMARC compliant.

How do I know if emails from my tool/application are DMARC compliant?

All services must be made DMARC compliant before they can send email as @bc.edu. Contact your TC or the Help Center when implementing a new tool that sends email as @bc.edu.

Google 2-Step Verification

Important Security Step

You must be enrolled in Google 2-Step Verification in order to access 涩里番下载 Google services (Mail, Drive, Calendar).听Failure to enroll will result in loss of access to your 涩里番下载听Google account (Mail, Drive, etc.). To unlock your account you will听need to contact the 涩里番下载 Help Center.

Google 2-Step Verification (also known as two-factor authentication) adds an extra layer of security to your account in case your password is stolen.

  1. Download the Gmail app on your mobile device (optional but highly recommended): | . Even if you prefer to use a different email app on a daily basis, adding the Gmail app will help simplify 2-step verification. After downloading it, configure Gmail for your 涩里番下载 account.
  2. Enroll in 2-Step:听Go to the and follow the prompts. Set up the Google Prompt option (via the Gmail or the Google [Search] app on your device).
  3. Configure at least one other backup option.
    Tip: In case you don鈥檛 have access to your phone, it is a good idea to set up backup codes. Then print the codes & put them in your wallet.

Once you鈥檝e enabled 2-Step, when you access your 涩里番下载 Google account (Gmail, Drive, Calendar, etc.) from a new device, it will require both your login information and a secondary verification.

Frequently Asked Questions

Print

Shared Google Account FAQ

Print

Phishing Simulation

涩里番下载 implemented a Phishing Simulation program to increase awareness and education related to phishing emails, therefore decreasing the risk of exposure of University data.听Phishing simulation is ongoing for all students and for select faculty and staff, by department request.

Why is 涩里番下载 Doing This?

Colleges and universities continue to report increased phishing incidents in which bad actors try to trick people into clicking on malicious links in an effort to steal passwords, access personal or University data, and in some cases encrypt data and demand money for the data to be unencrypted.

Sample Phishing Simulation Educational Web Page

If you mistakenly click on a phishing simulation email link or attachment, you will be taken to a web page that听explains which characteristics of the email were clues of a typical scam.

Sample Phishing Simulation Email

Screenshot of Phishing Simulation Sample Email

Quick Links