External Email Notification:
Phishing is a top cybersecurity threat to the University of Wyoming. Personally-identifiable information - the primary target of phishing attempts - which falls into the wrong hands can cause much financial and reputational damage to the University and its employees. Phishing attacks are often launched by including malicious attachments or links in email. When recipients open these malicious attachments or click on the links, it can spark an attack.
Email originating from outside UW should be approached cautiously, especially messages with subject matter containing information on password changes, email quotas, benefits changes, and more. A high percentage of phishing attempts targeted towards the University often compromise these topics.
To combat phishing and help employees identify potentially fraudelent email, UW has activated external email tagging. Starting October 1st, 2018, messages sent from outside UW will now be marked in the body of the message with the graphic below:
Messages tagged with this graphic does not mean the email is malicious, only that recipients should take caution. Do not click on links or open attachments in messages with which you are unfamiliar. All email originating from outside the university, except for approved services, will be tagged with this message.
FAQ:
Why do some of my email messages get tagged with a caution warning?
UW has activated external email tagging. Messages sent from outside of UW will be marked in the body of the message with a caution warning. Only vendors that have been approved to send as uwyo.edu are considered internal. Messages sent from email services that are not included in our list of approved senders are not considered "internal." If your department or organization's emails are flagged with the caution warning and you would like them to be considered "internal," submit a request through the UWIT service center.
Why is this change being made?
To help prevent phishing attempts against faculty, staff and students.
I don't think a specific message or sender should be tagged.
It is the intent that all external messages should have the caution warning. Just because a message has the caution warning does not mean that it is bad just that it orginiated outside of the University of Wyoming. However if you are certain that there is an error please contact the UWIT Help Desk.
I understand the risks of phishing scams. Can you selectively turn off this warning message for my account as I will not fall victim to these scams?
We are not able to selectively turn off this caution warning per customer account. Our interest is in protecting our campus from phishing attacks, and as we have seen in the past, no one is immune from these attacks.
I received an email message from my colleague, partner university, or vendor which was tagged as external. Can we remove this?
No.
An email from a vendor was not tagged as external. Does this mean that UW considers them internal?
Not necessarily. Some external senders use the same email services to send messages as other vendors that are considered "internal," allowing messages to not be marked as external.
Can I suppress the caution warning when I reply back to my external contacts?
You can delete the caution warning in your email when you reply.
I received an email from co-workers at different Universities which had the caution warning. What should I do with this email?
Exercise caution on all external messages, especially with links or attachments your are not expecting.
I received an email from a system that was tagged as external, but it came from a system my department uses. Is this not an internal system?
If the mail was sent from a system outside of UW, it is not internal. Only approved senders have been marked as internal. Please contact the UWIT Help Desk for questions on systems needing to be on the approved senders list.
I am a departmental or college-level communicator who uses Constant Contact/MailChimp/MyEmma to send out newsletters on behalf of my organization. Why do my messages have the external caution warning?
If the mail was sent from a system outside of UW, it is not internal. Only approved senders have been marked as internal. If you would like to request your email be classified as internal please contact the UWIT Help Desk.
I do not need a reminder telling me that every message is from outside of UW. Can you get rid of this?
No. Our intent is to protect the UW community from phishing attacks, and this is one of the methods we are currently using to help alert students, faculty and staff about potential phishing opportunities.