Microsoft Defender for Office 365

Widener LIS will be enabling Microsoft Defender for Office 365 on June 1st for Widener email (Outlook). All links that are found in an email are scanned by Office 365 protection services to check for security threats.

If an link is found to be unsafe, the user will be alerted with an interface describing the issue. If encountered, please close the web page immediately and continue on with your day knowing you were protected. If you feel like this website has been categorized by mistake, please open a quickticket and we will investigate. Using the “continue anyway” link is never recommended without the explicit direction of a member of the ITS Information Security Team.

Safe Links

When a message contains a clickable image or text, the original address of the link will be replaced with a “safe link”. Safe links always contain the domain name “safelinks.protection.outlook.com/”.Safe links will show you the original URL when you hover over the link. Emails shown in plain text mode will show the full “safe link”.

: : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : :

If you have any questions, please open a quickticket.widener.edu or call the HelpDesk at 610-499-1047 for further assistance.

Phish Alert Button (PAB) Release

We would like to introduce you to the new Phish Alert Button (PAB). Using the PAB helps us keep the university safe. The PAB is automatically deployed to your Outlook Desktop ribbon and Outlook Web App email reading pane command bar. Use this to report any suspected phishing emails. Please select the button whenever you receive a suspicious or potentially dangerous email. Upon selecting the PAB, the email will be deleted from your inbox and forwarded to ITS.

Detailed screenshots of the Phish Alert Button are available here: http://sites.widener.edu/service-catalog/pab/

Thank you for helping to keep our organization safe from cyber-crime.

Widener University
Office of Information Security
wuiso@widener.edu

: : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : :

If at any time you experience any issues with training, please submit a quickticket.widener.edu or call the HelpDesk for further assistance.

PHISHING Awareness: [EXTERNAL:] Email Subject Tagging

Phishing is among the top security concerns for Information Technology. Personal identifiable information, the primary target of phishing attempts, falling into the wrong hands can cause both financial and reputation damage to our university, students and its employees. Phishing attacks are often launched by including malicious attachments or links in email. When recipients open these malicious attachments or click on the links, it can spark an attack. Most email scams begin with messages from an external email system.

As part of Widener University’s effort to reduce phishing and other email scams and spoofing, these external email messages will now receive an [External:] tag in the message subject. [External:] email tagging makes it as easy as possible for you to recognize phishing attempts wherever you can.

Avoid being scammed

The best defense to avoid being scammed is to be suspicious of any message asking for sensitive information. If the message seems off, it probably is. Trust your instincts. Phishing attempts can be clever, but they’re easy to avoid if you know the signs.

What is [External:] tagging and how does it work?

Most email scams begin with messages from a non-Widener (external) email system. When tagging is enabled these external email messages will now receive an [EXTERNAL:] tag in the message subject. Many safe and legitimate email messages come from external email systems. The [EXTERNAL:] tag does not mean the message is a scam or malicious, only that recipients should take caution and read carefully. All email originating from outside the university, except for approved services, will be tagged with this [EXTERNAL:] message. See sample below:

What should I do when I see an [External:] email?

Its important to note that an email message with this warning does not necessarily mean the email is malicious, only that the recipient should take caution before clicking any links or attachments included within the email. The [EXTERNAL:] tag means you need to stop and think about this email:

Is it from a sender you know?
Were you expecting the email?
Verify with your friend or co-worker over the phone if you are unsure or if the email seems a bit off.
If there is a link in the message, Don’t click it! Instead, hover over the link to verify it is legitimate, or manually enter the known good URL into your browser.
Does the message make sense?
If you are concerned and unsure, send the message to Phish@widener.edu

Note: A legitimate message would not ask you to provide your credentials to maintain your account access.