Phishing emails are getting more sophisticated and compelling and are increasing in frequency. The majority of these phishing emails are from external sources with very compelling email subject lines. As part of APU's effort to reduce phishing and other email scams, these external email messages will now receive an [External] tag in the message subject.
Internal Message Subject Example:
"Meeting today at 3:00pm"
External Message Subject Example:
"[External] Meeting today at 3:00pm"
Many safe and legitimate email messages come from external email systems. The [External] tag does not mean the message is a scam, but it does provide additional information about the message source. The [External] tag means you need to stop and think about this email:
- Is it from a sender you know?
- Were you expecting the email?
- Verify with your friend or co-worker over the phone if you are unsure or if the email seems a bit off.
- If there is a link in the message, Don’t click it! You can forward it to firstname.lastname@example.org, and a Support Center representative in coordination with the IMT Security Office will review it for safety and authenticity. For more information on identifying spam and phishing see the Phishing page on security.apu.edu.
- Does the message make sense? A legitimate message would not ask you to provide your credentials to maintain your account access.
- No [External] tag, but still a bit suspicious? Internal users can have their account compromised and be used to send out additional phishing emails. Contact the IMT Support Center at (626) 815-5050, email@example.com, or support.apu.edu if you have concerns.
Why should I pay attention to the [External] tag?
The email subject might be worded in a very compelling way. The text itself includes threats of lost access, requests to change your password, or even IRS fines. The sender’s email address can be a clever fake, or can even be “spoofed” to appear like someone you know. Don’t believe it!
Can I personally opt-out of [External] tagging?
No, [External] tagging is added to all Azusa Pacific University email accounts to help signify email from unknown sources.
How to submit a request for exemption from [External] tagging for a major University sending service?
Contact the IMT Support Center at (626) 815-5050, firstname.lastname@example.org, or support.apu.edu.
Are [External] tagged messages dangerous?
Not all [External] messages are dangerous. Many legitimate messages come from external sources. However, a common phishing technique is spoofing our Azusa Pacific University email addresses. The [External] tag is one more signal to determine authenticity.
Does [External] tagging do any additional scanning, filtering or sorting?
No additional scanning, filtering or sorting is performed. If the message origin is a non-Azusa Pacific University system then [External] is added to the beginning of the email message subject.
Additional information can be found at security.apu.edu.