New email notification in Outlook to help faculty and staff identify phishing attempts

As Iowa State University faculty and staff continue to navigate their new, more virtual environment, the Information Technology Services (ITS) security team has taken steps to proactively support security with a new email notification and message reporting add-in for Outlook accounts. With the dramatic increase in online communication and information sharing, the risk of cyber-attacks by scammers and hackers remains as present as ever. 

One such cyber-attack, called phishing, exploits the trust of an email recipient by impersonating someone they know or work with, to gain money, and also personal information or control over their computer, which can be even more damaging. At Iowa State University, some phishing attackers have impersonated vice presidents, department chairs and even university President Wendy Wintersteen. 

To help faculty and staff effectively identify and avoid phishing attempts, ITS has worked to implement an email notification within Outlook for all messages originating from free email services like Gmail, Hotmail, Outlook.com and others. The notification itself warns recipients that the email has come from a user outside the university and provides a link to learn more about reporting a phishing attempt. Faculty and staff who have opted into using CyMail for their ongoing email communications will not see this notification as it is only active in Microsoft Outlook. Likewise, emails from CyMail accounts will not generate this message as it is originating from an iastate.edu account.

Grey box with text reading "Message is not from an Iowa State email account. Learn how to report suspected phishing."

Additionally, the “Report Message” add-in will be pushed to all Outlook desktop application tool bars making reporting phishing to the IT security team a simplified, two-click process. Reporting a message as ‘phishing’ using this add-in will send a notification to the ITS security team automatically. This feature is already available to Outlook web application users and performs the same function. 

Report message add-in pull-down menu with phishing option highlighted.

For more guidance on recognizing and reporting phishing attempts, visit the Identifying and Reporting Phishing knowledge base article in the IT Portal.