New Email Warning Messages
May 14, 2020
Since much of today’s workforce is operating from home, people have become the primary vector for cyberattacks. By the end of March 2020, the number of phishing attempts, and related scams rose by 667%. As the workforce adapts to new challenges, so do criminals. It is therefore clear that we, as users, must be more mindful than ever. To that end, next week, IITS will be implementing two types of warning messages in order to provide visual clues about email safety.
First, email that is sent from an external domain (e.g., Gmail, Yahoo, and Amazon) that is not sent on behalf of the District (e.g., Canvas, PeopleSoft, and PortalGuard) will include the following warning.
As the message states, do not click on links or open attachments if you do not know the content is safe. To verify a message’s legitimacy, you can always contact the individual or business directly by way of an official email address or phone number.
Second, those emails received from senders that cannot be verified will include the following warning.
This is especially important because cybercriminals can falsely identify themselves (spoof) in an effort to gain a victim’s trust. Although not all unverified emails are malicious (some business have still not configured their servers), the risk is high and the technique widely exploited.
Case in point: Many of you recently received an email that appeared to come from a colleague but was actually sent from a cybercriminal. Fortunately, some of you recognized the fake address — one similar to the following:
Unfortunately, due to space constraints, fake addresses are not visible when initially viewed on a phone, making these messages all the more essential in today’s environment.
On a final note, please understand that you, and not technology, are the best defense against cybercrime. We must strive to be mindful in our daily use of technology as cybercriminals find new ways to trick us into giving them what they want.
IITS encourages you to review the following related topics to help keep you cyber-safe during these extended, challenging times.
- How to Recognize Phishing Attempts
- Next Generation Antivirus for the Home
- Best Security Practices While Working from Home
- Beware Coronavirus (COVID-19) Scams
If you have any questions regarding this advisory, please feel free to email the Office of Information Security.