Changes to TechMail delivery of messages marked with phishing warning
|NOTE: This announcement is no longer current and has been maintained only for archival purposes.|
No One at Texas Tech University or from Anywhere Else Should Ask For Your Password
As you may be aware, TechMail inserts an anti-phishing warning message into incoming email messages that spam filters identify as possible phishing attempts (a deceptive technique used by cyber criminals to entice you to voluntarily provide personal information and/or login credentials). The inserted warning message reads:
WARNING: This message is not from a sender on your Safe Sender's list AND MAY BE AN ATTEMPT TO STEAL YOUR PASSWORD. No email from a reputable source will ever ask for, or direct you to verify, your email account information! If you are certain of the sender's identity and need to reply or forward this message, delete this warning verbiage before sending and add the address to your Safe Sender's list. For further assistance, call (806) 742-4357.
This warning is prepended to messages due to Internet phishing attempts. These phishing attempts appear to come from a TTU email address and request that an individual divulge their username and password information. The warning is intended to alert and educate TechMail users about best security practices.
Do not reply to the message. No one at Texas Tech University or from anywhere else should ask for your password.
If you are positive the email message you received is legitimate and not an attempt to obtain your private information, you may reply to the message. However, in your reply you must remove the warning text mentioned above by selecting and deleting it; otherwise, the message you send will be rejected.
Messages sent within Texas Tech University will not contain the above message. Any messages within Texas Tech University include email sent through:
- TechMail Exchange Servers (MAPI, Outlook Web Access, or ActiveSync interfaces)
- HSC eMail Exchange Servers
In the past, any incoming email that had this warning message inserted was automatically placed in the recipient's Junk Mail folder. Effective immediately, incoming email that has the warning message inserted will not automatically be placed into Junk Mail and will appear in your Inbox. This change should help alleviate reported issues with legitimate/business email being placed into Junk Mail folders.
Since TechMail spam/phishing filtering is affected by various server and client strategies, please note that:
- TTU IT strongly recommends that you actively maintain your Safe Senders List - email from Safe Senders is never affected by spam/phishing filters;
- Any email from a sender not on your Safe Senders list could still be scored as spam and delivered to your Junk Mail folder, including email with the anti-phishing warning message;
- No spam filter or anti-spam strategy is ever accurate 100% of the time, so you should check your Junk Mail folder regularly for any email that filters have incorrectly identified as spam. To prevent this, add the sender to your safe sender list;
- All email older than 30 days is automatically deleted from your Junk Mail folder; and
- In addition to spam filtering performed by TechMail servers, your email client can be used for additional spam filtering or for establishing custom rules that can direct your incoming mail to specific folders.
Phishing attempts are becoming increasingly difficult to detect. The TTU IT Division recommends the following best practices to help protect your personal information, as well as University information resources:
- Do not respond to emails that ask you to provide your personal information or your login username/passwords;
- Avoid clicking on links provided in emails, unless you are certain the link is to a legitimate and authentic web site;
- Be aware that phishing emails are designed to look authentic, even using official company logos and text and appearing to come from a legitimate source; and
- Cyber criminals that obtain your email account credentials (i.e. username/password) can use your email account to send spam and malware to your friends and family (via your Contacts List), and potentially to thousands of email addresses all over the world.