Most email scams begin with messages from an external email system. As part of the St. Vrain Valley Schools effort to reduce phishing and other email scams, these external email messages will now receive an [external] tag in the message subject.
Example of an Internal Message Subject:
“Welcome to the new school year!!”
Example of an External Message Subject:
“[external] Welcome to the new school year!!”
Phishing emails are getting more sophisticated and compelling. The email subject might be worded in a very compelling way. The text itself includes requests of assistance, threats of lost access, requests to change your password, or even IRS fines. The sender’s email address can be a clever fake, or can even be “spoofed” to appear like someone you know. Don’t believe it!
Many safe and legitimate email messages come from external email systems. The [external] tag does not mean the message is a scam, but it does provide additional information about the message source. The [external] tag is there to help. The [external] tag means you need to stop and think about this email:
- Is it from a sender you know? Were you expecting the email? Verify with your friend or co-worker over the phone if you are unsure or if the email seems a bit off.
- If there is a link in the message, Don’t click it! For more information on identifying spam and phishing see this Phishing article
- Does the message make sense? A legitimate message would not ask you to provide your credentials to maintain your account access or for you to purchase a Gift card in a HURRY.
- No [external] tag, but still a bit suspicious? Internal users can have their account compromised and be used to send out additional phishing emails.
This new feature will help protect your account from possibly being compromised, giving away personal finances as well as protect the School District. If your account gets compromised, the spammers may get your money or worse, access to District systems and confidential information.
Q: Are [external] tagged messages dangerous?
- Not all [external] messages are dangerous. Many legitimate messages come from external sources. However, a common phishing technique is spoofing our St. Vrain Valley District email addresses. The [external] tag is one more signal to determine authenticity.
Q: Does [external] tagging do any additional scanning, filtering or sorting?
- All existing Google Spam protection and compliance settings still exist and will continue. No additional scanning, filtering or sorting is performed. If the message origin is a non St. Vrain Valley Schools system then [external] is added to the beginning of the email message subject.
Q: What is a current example of a phishing email?
- There have been a number of emails sent to schools’ entire staff from a non-district email accounts but using the principals’ names. Many times these emails are requesting assistance because they are in an important meeting and ultimately request the recipients purchase gift cards with their own funds.
- Subject may have read ”Quick Request” – or – “Are you available?” – or- Blank subject – or – “I need your assistance”
- An email with a display name of someone you know but with a NON svvsd.org email address such as @gmail.com. Email asks 1. If you are available and they need your help or 2. Send me your available text number that I can reach you at or 3. Email asks for a gift card or some form of funds.
- This email was never from svvsd.org.