External Email Disclaimer
Beginning on Friday, June 1 all email messages not originating from ETSU official email servers or services will include [EXTERNAL] in the subject line and a disclaimer will appear at the bottom of the email body for all students, faculty, and staff.
Emails tagged with the [EXTERNAL] disclaimer may come from legitimate external sources and services and should not be discarded without revieiwing them first. Phishing attacks often originate from external sources using deception, email, and website impersonation to steal credentials and other personal information.The disclaimer is just a reminder to use caution when handling emails from external sources.
Always look at the URL or browser address to determine the authenticity of a website.
Although the university
uses a number of external services and websites, phishing attacks often try to impersonate the etsu.edu domain. Authentic ETSU domains end in etsu.edu. Below are a few examples of phishing attempts that we have seen. None of these link to legitimate ETSU websites:
Information Technology Services will never send emails indicating that your account, email, or storage is out of compliance. If you have questions about the legitimacy of an email or have entered your credentials on a fake ETSU login page please notify the Help Desk (firstname.lastname@example.org, 423-439-4648) immediately.
If another ETSU account is compromised it can become the source of phishing messages. When this happens the [EXTERNAL] disclaimer will not be present, but reviewing all emails with caution can help prevent the problem from spreading. Please contact the ITS Help Desk if you suspect you have received a phishing email. Diligence from all ETSU email users can help reduce the problem.
Below is an example of external phishing email.
Subject: [EXTERNAL] your account was automatically locked
Your ETSU account was automatically locked after several login attempts. Click this link to unlock your account https://etsu-its.webhosting.com/unlock.php
The [EXTERNAL] tag in the subject line identifies emails that do NOT originate from an ETSU person or service. Please exercise caution when handling emails from external sources. Any email that is unsolicited and requires you to take immediate action, appears to be forged or is PHISHING for information can be verified by emailing the ITS Help Desk.