Most email scams begin with messages from an external email system. As part of the St. Vrain Valley School District’s effort to reduce Phishing and other email scams, these non-district email messages receive an [external] tag in the message subject.
Example of an Internal Message Subject: Welcome to the new school year!!
Example of an External Message Subject: [external] Welcome to the new school year!!
Phishing emails are becoming increasingly complex and persuasive. The email subject could be written in an enticing manner. The text itself could include requests of assistance, threats of lost access, requests to change your password, or even IRS fines. The sender’s email address can be a clever fake, or can even be spoofed to appear like someone you know. Don’t believe it!
It is important to point out that many safe and legitimate email messages come from external email systems. The [external] tag does not mean the message is a scam, but it does provide additional information about the message source. The [external] tag is there to help. The [external] tag means you need to stop and think about this email:
- Is it from a sender you know? Were you expecting the email? Verify with your friend or co-worker over the phone if you are unsure or if the email seems a bit off.
- If there is a link in the message, do not click it. For more information on identifying Spam and Phishing, see this Phishing article.
- Does the message make sense? A legitimate message would not ask you to provide your credentials to maintain your account access or for you to purchase a gift card in a hurry.
- No [external] tag, but still a bit suspicious? Internal users can have their account compromised and be used to send out additional Phishing emails. If your account is compromised, the spammers may gain access to your money, or worse, access to district systems and confidential information.
This new [external] tag feature will help protect your account from being compromised, giving away personal finances, as well as protect the school district.
Frequently Asked Questions
Q: Are [external] tagged messages dangerous?
- Not all [external] messages are dangerous. Many legitimate messages come from external sources. However, a common Phishing technique is spoofing our St. Vrain Valley School District email addresses. The [external] tag is one more signal to determine authenticity. The [external] tag means you need to stop and think about the email.
Q: Does [external] tagging do any additional scanning, filtering or sorting?
- All existing Google Spam protection and compliance settings still exist and will continue. No additional scanning, filtering or sorting is performed. If the message origin is a non St. Vrain Valley Schools District system, then [external] is added to the beginning of the email message subject.
Q: What is a current example of a Phishing email?
- There have been a number of emails sent to a schools’ entire staff from a non-district email account using the Principal’s name. Many times these emails are requesting assistance because they are in an important meeting and ultimately request the recipient to purchase gift cards with their own funds.
- Subject may read ”Quick Request,” “Are you available,” “I need your assistance,” or left blank
- An email with a display name of someone you know but with a NON svvsd.org email address such as @gmail.com.
- Email asks if you are available and they need your help
- Email asks if you could send your text number
- Email asks for a gift card or some form of funds