August 6, 2014

External email tag being removed; users should continue to exercise caution

Vanderbilt IT removed the [External] tag from the subject lines of emails sent by Vanderbilt students through their Vanderbilt Gmail accounts effective Aug. 6, and will remove the tag from all other external emails on the evening of Aug. 11.

(iStockphoto)

Vanderbilt IT removed the [External] tag from the subject lines of emails sent by Vanderbilt students through their Vanderbilt Gmail accounts on the evening of Aug. 6 and will remove the tag from all other external emails coming in to Vanderbilt email accounts on the evening of Aug. 11. The tag was added to emails July 10 in response to a specific series of targeted attacks that occurred in early July.

“The great input we received from faculty, students and staff is informing how we are addressing this serious issue,” John M. Lutz, vice chancellor for information technology, said. “We are continuing to closely monitor and combat phishing attacks and are planning several actions over the coming weeks and months to refine and strengthen our security protocols. We will continue to consult with faculty, students and staff as we build this plan.”

All members of the Vanderbilt community are urged to remain vigilant to possible phishing scams and to exercise caution when clicking on links in emails from unknown or suspicious addresses. VUIT offers the following guidelines for avoiding and reporting phishing scams:

  • No entity at Vanderbilt will ask for your credentials, including ePassword verification, via email. Any email requesting you to do so should be treated as a potential phishing attack.
  • VUIT will never ask you to modify your inbox or adapt security measures via an email link. Any email requesting you to do so should be treated as a potential phishing attack.
  • Be aware that attacks can also come from Vanderbilt addresses that have been “spoofed” by phishers.
  • If you receive an email either from an external or internal contact that you suspect may be a phishing attempt, please notify the VUIT Help Desk.

The Help Desk may ask you to send a copy or screen shot of the suspect email.

If you have questions or concerns regarding suspicious email, links or websites, check with your local support provider or any of the following before clicking on suspect links.

VUIT Help Desk: (615) 343-9999

VUMC Help Desk: (615) 343-HELP

It is important to report suspect activity as soon as possible.