ITS Issues Phishing Warning
10/01/2019
Information Technology Services (ITS) has issued a warning about email phishing schemes, and is offering guidance for the SLU community.
The Problem
- Emails originating from outside Saint Louis University should be approached cautiously. This is especially true for messages designed to provoke an immediate response and to solicit sensitive information such as password changes, benefits changes, employment opportunities, etc.
- While SLU’s security measures are able to block many of these malicious emails before they reach University employees and students, some still make their way through to inboxes.
New Measures to Combat Phishing Underway
In order to better thwart phishing attempts and help SLU users identify email that is potentially fraudulent, ITS is in the process of enhancing security related to Outlook.
Appending [External] To Subject Lines
- Most email scams begin with messages from an external email system. As part of SLU's efforts to reduce phishing and other email scams, external email messages will have [External] appended to the beginning of the message subject line.
- This will provide users with an immediate indicator to treat the message with a greater degree of care.
- This change will take effect during the evening of Thursday, Nov. 7.
Junk Email Folder
- SPAM messages are generally sent from systems with a reputation for sending mass emails. In order to provide University users with a better messaging experience and help them identify messages sent from mass emailers, low-priority and bulk email will now be directed to Outlook’s “Junk Email” folder, and automatically deleted after 30 days.
- This change will take effect during the evening of Thursday, Nov. 7.
"Report to SLUAware" Button
- If you do receive a message that you believe to be phishing attempt or otherwise malicious, please highlight it and click the new "Report to SLUAware" button (an envelope with a fish hook through it on your toolbar).
- Report to SLUAware" button (envelope with a fish hook through it). You’ll find it in Outlook (on the primary toolbar), Outlook Online (toolbar within the message), and in Outlook Mobile (under the “More Options” menu within the message).
- Pressing this button will permanently delete the email from your inbox and send the message to SLUAware, our information security team, for further analysis and action.