What is Changing?
To combat phishing and help all IWU community members identify potentially fraudulent email, IWU IT will be activating external email tagging.
Starting November 29, 2018, all email messages received from outside IWU will now be marked at the top of the body of the email with red text that reads:
** This message originated from outside the Indiana Wesleyan University email system **
Messages tagged do not mean the email is malicious, only that recipients should take caution. Do not click on links or open attachments in messages with which you are unfamiliar. All email originating from outside the university, except for approved services, will be tagged with this message.
Why are we doing this?
Phishing is a top threat. Personally identifiable information, the primary target of phishing attempts, falling into the wrong hands can cause both financial and reputation damage to the University, students and its employees. Phishing attacks are often launched by including malicious attachments or links in email. When recipients open these malicious attachments or click on the links, it can spark an attack.
Email originating from outside IWU should be approached cautiously, especially messages with subject matter containing information on password changes, email quotas, benefits changes, requests for funds and more. A high percentage of phishing attempts targeted towards the University often comprise these topics.
Below is an example of where the notification will typically show up on an external email. Again, even though it is an external email, this particular message would not be considered malicious.
Hackers target Universities by sending emails to both employees and students falsely portraying themselves as a familiar contact within the University.
IWU employees have been targeted in the past by emails pretending to come from:
- IWU University President
- Human Resources
- Various Vice-Presidents
- Colleagues asking for immediate help to a general issue and asking for an email reply
Students have also received fake emails from:
- Financial Aid
- Registrars office
Please refer to the following KB article on how to spot fake emails: