How many of you have seen an email like this one come through your inbox?
It is easy to respond quickly without considering who the sender is. If you look closely at the sender’s email address you will see firstname.lastname@example.org. Clearly this is not actually from Michael since it is not from @da.org. Sometimes we only quickly look at the name and not the sender’s actual address. So it can be easy to get tricked into responding.
You may have noticed that there are now some messages in your inbox marked with [EXTERNAL] at the beginning of the subject.
This is a new security measure we have taken to help mitigate phishing attempts like the one we demonstrated here. By adding [EXTERNAL] to the beginning of the subject, you will be able to know right away that this message came from someone outside of DA’s email system.
Looking at the example in the image below, you can see there are two messages from outside sources (Vimeo and Cisco) and one from an internal user (Jack Linger’s Blog).
It is IMPORTANT to not consider this as your only means for detecting a phishing attempt. It is just another tool in your belt.
As of this writing messages sent from within our DA Email system (Office365), Veracross, and internal hosted systems (like voicemail) will not be marked as an external source.