CUMC Home | Columbia University | Jobs at CUMC | Contact CUMC | Find People
Columbia University Medical Center logo,  Columbia University Medical Center Information Technology
For support: call extension 5-Help (212-305-4357) or email us
Safe Computing

Email Security

Email will always be targeted as a means to attack computers and access data, since it can be the fastest way to trick the computer user. The three major email safety issues - Viruses, Phishing and Spam - are explained below, with information on to how to recognize and handle any problematic messages or attachments that show up in your inbox.

In addition to being aware of general email security practices, CUMC affiliates must adhere to policies and requirements can be found on the Email Use page. To report spam or malicious messages please see this FAQ.

Attachments and Viruses

Opening an email attachment is still one of the most common ways that computers can become infected with a virus. Always take these precautions when you receive an email with a file attached:
  • Do not open the attachment unless you are 100% positive that the sender intended you to have it.
    - Viruses often spread themselves by using the email account on a computer they infect.
    - Viruses can "spoof" or mimic an email address so it appears to be coming from someone you know.
  • Be especially wary of any messages that have nonspecific text, grammar, spelling and editing errors.
    - Messages with vague subjects such as "Here's that file you requested" should not be trusted.
    - A message that addresses you by name shouldn't be trusted either, since this can be culled from someone's email address book or other means.
    - Content stressing urgency is often an attempt to keep you from being cautious.
  • Before opening any email attachments, save them on your computer and then scan them with your antivirus software.
    - Saving an attachment does not put your computer at risk, just make sure you do not open it before scanning.
    - To scan a file with Columbia's Symantec Endpoint Protection, right-click on the file's icon (command-click from a Mac) and select "Scan for viruses".


Email messages that urge you to click on a link to change your password, verify account information, or otherwise give out personal information should not be trusted. These phishing messages often look as if they come from a valid company, but the sites they take you to are phony and can be used for identity theft.

Due in part to the huge increase in phishing scams over the past few years, businesses that offer online accounts almost never ask for this type of account related information in an urgent email message. If you suspect that you've received a phishing message but are concerned about the online account it references, go to the company's main site by typing their web address into your browser directly (for example, "" or "") rather than using a link within the email.

For more details please see CUIT Security's page on Phishing Scams and Spam.


Columbia's mail servers are programmed to block as much spam as possible, but spammers constantly update their methods of bypassing spam filters to flood your mailbox. It is almost impossible to block all spam, but here are some things you can do to cut back on the amount you receive:
  • Use a "throwaway" email address to sign up for freebies or create an account on web sites. Many sites that require an email address for you to access information or download free programs don't care about protecting your privacy and will give lists of email addresses they've collected to spammers. Use a free yahoo, gmail or other account in these instances instead. Once an email address is "out in the wild", your chances of receiving spam increase exponentially.
  • Use spam filters on your email program and account.
    - Almost all email programs have settings you can adjust to detect spam or junk mail. Configuring them can vary from program to program, so it's best to check the Help menu for detailed information.
    - You can set filters for your general Columbia account by logging into the Manage My UNI site and selecting the "Email Filters" link, or click here for detailed instructions on setting filters. CUMC IT Exchange and Outlook users can set Junk Email Options.
  • Don't open or reply to junk mail or spam.
    - Spammers increase the likelihood of making money from their junk messages if they're able to verify that they've reached active email account.
    - Simply opening a message can notify a spammer that your account is valid. The message can contain an image that isn't requested from the spammer's server until you open it, or set a cookie, or run a script within the message. Many email programs now have these features disabled by default, but it's a good idea to check the program's setting - or just delete any spam without opening it.
    - If you reply to a message with the intention of opting out of what appears to be an email list, you can end up getting more spam. Don't opt out or unsubscribe unless you're sure you subscribed in the first place, or know and trust the institution that sent you a list message.

| TOP |

Last updated 6/18/2014