Phishing messages continue to be one of our larger security threats. However, a target must cooperate with a phishing attack in order to be exposed. Therefore, the strongest defense against phishing continues to be good judgement. The majority of phishing emails come from outside the university, and next month ITS will enable a security feature in Office 365 that displays a banner across the top of emails that come from external sources. This visual indicator will signal the need for a more careful review. The banner will appear where external messages masquerade as coming from internal individuals, but it will not be present with internal phishes using stolen UConn credentials. The ability to better assess the source of a message will help our community better protect themselves, and while this approach is not perfect, it is an available improvement and a part of evolving best practices.
We are finalizing the message and design of the banner and carefully determining what the system considers internal. Notably, University managed services, such as ListServ and the student email system (G Suite), will not be marked as external. Before we turn on this feature, we will notify faculty and staff about the update.