Starting Wednesday, June 1, emails sent to personal Purdue email accounts from external sources will appear with a warning banner designed to remind the recipient to use caution when opening links or attachments.
The banner, which reads “External Email: Use caution with attachments, links or sharing data,” does not appear on outgoing email and does not impact delivery or affect the content of the email. Instead, it helps protect the recipient from “spear phishing” attempts, which is the fraudulent practice of sending emails appearing to be from a known or trusted sender to induce targeted individuals to reveal confidential information.
Although spear phishing attempts are not new, individuals with ill intent have increased the use of the tactic as security measures like multi-factor authentication have made phishing less successful. At Purdue, ITaP is seeing a rise in attacks from external addresses impersonating Purdue staff or faculty. Recent examples involve individuals creating email accounts using services such as Gmail with an address, display name, and signature that impersonate Purdue personnel. The attackers then send targeted messages to individuals in the same department requesting information from the recipient.
To combat phishing attacks, all email users should be on alert for any unusual emails or texts, especially from new or unknown individuals. Suspicious emails or discussions you did not initiate should be treated with caution.
Spear phishing attacks, where the sender impersonates the email of a known person to get sensitive information, are on the rise. ITaP is implementing a new warning banner on all externally generated email arriving in campus inboxes. The warning reads: "External Email: Use caution with attachments, links, or sharing data"
Last updated: May 20, 2022