New email feature can help protect against phishing

New email feature can help protect against phishing

This week, the Division of Information Technology is releasing a new tool in the fight against phishing. Beginning Wednesday, any email a Bobcat receives from an email address outside the Texas State domain (txstate.edu) will be considered “external” and include a visual cue to alert you to think before you click.

Bobcats receive phishing emails nearly every day. Phishing messages target users via email, phone, or SMS text, in order to lure victims into providing sensitive data that can be used to commit cybercrimes. Technical controls filter out many of the malicious email messages targeting Texas State users, but sometimes a clever phishing email slips through.

Our new external email cue will present one of two warnings at the bottom of emails not from Texas State email addresses.

If the email comes from an authorized third-party with an established, university-wide relationship with Texas State (Adobe, for example), a green bar will appear at the bottom of the email with the following message:

NOTICE: This email originated from a third-party that has an established relationship with TXST. Caution should still be used when downloading files or clicking links as these are external services not operated by TXST.

If the email comes from an unknown third-party, the following message will appear on a gold background:

CAUTION: This email originated from outside the TXST network. Do not click links or download files unless you know the sender and content are safe.

The goal of these cues is not to label all external emails as dangerous, nor to try and stop anyone from outside Texas State from emailing you. Rather we hope to alert you to the origin of the email. In many cases, bad actors format emails to make them look as if they originated internally when they did not.

If you want to learn more about the dangers of phishing, our Information Security Office has two great resources for you:

  • The phishing page on the Information Security Office website offers a definition of phishing, tips on tell-tale signs someone is trying to steal your information, and instructions on what to do if you think you have received a phishing email.
  • The Phishbowl is your go-to resource for knowing the latest phishing attempts making their way through Bobcats’ emails. These phishing attempts can range anywhere from straightforward attempts to get you to click on a download, to more sophisticated phishes dressed up as job opportunities.

There are many ways criminals attempt to get your important personal information. You need to remain vigilant and actively take steps to protect yourself online. We hope our new external email cues will help you identify and report phishing emails to help stop attacks against all Bobcats. If you think before you click, the odds you fall for a fraudulent email are significantly reduced.

Scott Ayers is Director of IT Marketing and Communications

Print Friendly, PDF & Email
Filed Under: Cybersecurity, DOIT News, The Insider Tagged With: , , , , ,

AuthorScott

Scott Ayers is director of IT marketing and communications at Texas State University.