To combat email spear phishing and other cyber-attacks, emails sent to personal Purdue email accounts from external sources will soon appear with a warning banner designed to remind the recipient to use caution when opening links or attachments.
The banner, which reads “External Email: Use caution with attachments, links or sharing data,” does not appear on outgoing email and does not impact delivery or affect the content of the email. Instead, it helps protect the recipient from “spear phishing” attempts, which is the fraudulent practice of sending emails appearing to be from a known or trusted sender to induce targeted individuals to reveal confidential information.
The warning banner will be placed on all email from external sources starting on June 1, but anyone can request to have their account receive bannered emails now by filling out this request form.
Although spear phishing attempts are not new, individuals with ill intent have increased the use of the tactic as security measures like multi-factor authentication have made phishing less successful. At Purdue, ITaP is seeing a rise in attacks from external addresses impersonating Purdue staff or faculty. Recent examples involve individuals creating email accounts using services such as Gmail with an address, display name, and signature that impersonate Purdue personnel. The attackers then send targeted messages to individuals in the same department requesting information from the recipient.
To combat phishing attacks, all email users should be on alert for any unusual emails or texts, especially from new or unknown individuals. Suspicious emails or discussions you did not initiate should be treated with caution.
By default, only @purdue.edu addresses will not have the banner applied. Any exemptions for external senders will need to be requested by the service owner and then vetted by Purdue System Security. To do so, send the following information to security@purdue.edu:
Last updated: 4/4/2022