Message from IT Services: External email tagging begins Monday, October 18

This message is being sent on behalf of Sajeev Vijayakumar, director, Information Security. Please direct questions to the IT Service Desk at servicedesk@dc-uoit.ca or 905.721.3333.

WHAT

As part of Durham College’s (DC) efforts to reduce phishing and other email scams, IT Services will be adding a banner to the top of all external email messages received by students. External messages are emails sent from outside our organization and do not end in durhamcollege.ca, dcfaculty.ca or dcmail.ca.

Effective Monday, October 18, emails received from an external source will now include the following banner message at the top:

DATE

Monday, October 18

DETAILS

Why are we tagging external emails?

Most phishing attacks and email scams originate from outside our organization. Adding a banner to the top of email messages that originate outside of our organization will provide a visual indicator for our users that the message was not sent from a member of our organization.

What is a spoofed email?

Email spoofing is the manipulation of an email header in the hopes of deceiving the recipient into thinking the email originated from someone or somewhere other than the intended source. The goal of email spoofing is to get recipients to open, and possibly even respond to, a solicitation.

As an example, a spoofed email may appear to be from a well-known sender, such as a person in a position of authority, asking the recipient to take immediate action or provide personal information like a password or credit card number. The fake email might even ask the recipient to click on a link which is just a link to download and install malware on the recipient’s device.

External email tagging is our way of providing more information to our users so they can make an informed decision about the nature of emails they are receiving.

Can I opt out of the external message tagging?

No, the external message tagging will be added to all Durham College email accounts to help identify emails from external sources.

WHAT YOU NEED TO DO

When you receive an external email

Many safe and legitimate email messages come from external email systems. If you receive an email with the external message warning, it does not mean the message is a scam but you are encouraged to consider the following:

  • Is the email from a sender you know? Were you expecting the email? Verify with the sender over the phone if you are unsure.
  • If there is a link in the message, before clicking it, hover over it to see the web address. If you are directed to a login page, double-check the URL of the webpage before entering your login credentials.
  • Does the message make sense? A legitimate message would not ask you to provide your credentials to maintain your account access.

How do I report a suspicious email?

Never directly respond to a phishing email. If you have any suspicion or hesitation about an email message that you have received, please report the email to IT Service Desk using the following instructions:

  1. Open a new email message and address it to servicedesk@dc-uoit.ca.
  2. Drag and drop or insert the suspicious email into the new email as an attachment. Sending the questionable email as an attachment will preserve necessary information IT Services will need to analyze the email.

If you have any questions, please contact servicedesk@dc-uoit.ca.