[External] tag in subject lines circled in red
The external tag is shown circled in red. [External] will display at the beginning of email subject lines for emails sent from outside the University.
Monday, February 25, 2019 - 11:52am

External email tags set to begin March 5

To combat phishing and help students, faculty, and staff identify potentially fraudulent email, external email tagging will be enabled on Tuesday, March 5, 2019. Messages sent from outside the University of Iowa (both suspicious and harmless) will be tagged with [External] in email subject lines.

Phishing is a type of cyberattack used to steal usernames, passwords, credit card information, Social Security numbers, and other private data by pretending to be from a trustworthy source such as technology or financial departments related to the university.

Many phishing attacks come from external sources. A message tagged [External] does not mean the email is malicious, only that recipients should take caution. Conversely, a message’s lack of an external tag does not indicate it is safe. The external tag is a reminder to stay vigilant when handling emails from external sources.

This solution has been in place at University of Iowa Hospitals and Clinics for nearly two years and will now apply consistently across the entire campus.

Learn more about these tags, including answers to frequently asked questions, in the external email tag support article.

What else is being done to combat phishing?

Phishing scams targeting our campus continue to be an ongoing problem. External tagging is one of several initiatives underway. Current tools and strategies to fight phishing include:

  • Automatic email filters block the vast majority of spam. The university receives 2.5 million external email messages a day. Approximately 69 percent of these messages are blocked by filters.
  • Regular campus education and security awareness campaigns.
  • Known phishing messages are posted to the phishing examples page to help campus identify scams.

As cybercriminals alter their attack methods, we will continue to evolve our approach to protect email accounts. Later this year, Two-Step Login with Duo Security will be required to access university email through Office 365 websites (https://office365.uiowa.edu). Confirming login through a device only you have in your possession (like a mobile phone) prevents cybercriminals from accessing personal or sensitive information with stolen credentials.

Avoid becoming the next phishing victim

The best defense to avoid being scammed is to be suspicious of any message asking for sensitive information. If the message seems off, it probably is. Trust your gut. Phishing attempts can be clever, but they’re easy to avoid if you know the signs. Review our phishing support page to find examples of current phishing scams seen on campus, tips to avoid phishing, and more.