What is a spoofed email?
Email spoofing is the manipulation of an email header in the hope of deceiving the recipient into thinking the email originated from someone or somewhere other than its actual source. Spam and phishing emails commonly use email spoofing to trick the recipient into trusting the origin of the message. The goal of email spoofing is to get recipients to open, and possibly even respond to, a solicitation.
As an example, a spoofed email may appear to be from a well-known sender, such as a person in a position of authority, asking the recipient to take immediate action or provide personal information like a password or credit card number. The fake email might even ask the recipient to click on a link that actually downloads and installs malware on the recipient's device.
Why are we tagging external emails?
Most email scams and phishing attacks originate from outside our organization. As part of the University of Missouri System effort to reduce phishing and other email scams, we are adding a banner to the top of email messages that originate outside of our organization. This provides a visual indicator for our users that the message was not sent from a user in our organization.
Phishing emails are getting more sophisticated and compelling. The email subject might be worded in a very compelling way. The text itself may include threats of lost access, requests to change your password, or even IRS fines. The sender’s email address can even be spoofed to appear like someone you know. External email tagging is our way of providing more information to our users so they can make an informed decision about the nature of emails they are receiving.
What does the external warning look like?
If the email message was tagged as external, a banner will appear at the top of the message body with a warning that the message originated outside of our organization.
Example of the warning message:
WARNING: This message has originated from an External Source. Please use proper judgment and caution when opening attachments, clicking links, or responding to this email.
What do I do if I get an external email?
Many safe and legitimate email messages come from external email systems. The external message warning does not mean the message is a scam, but it does provide additional information about the message source. The warning tag is there to help. The warning means you need to stop and think about this email:
- Is it from a sender you know? Were you expecting the email? Verify with your friend or co-worker over the phone if you are unsure or if the email seems a bit off.
- If there is a link in the message, be careful about clicking it. Hover over the link to see if it is a link to a University webpage or resource. If you are directed to a login page, double check the URL of the webpage before entering your login credentials.
- Does the message make sense? A legitimate message would not ask you to provide your credentials to maintain your account access.
- No external warning, but still a bit suspicious? An internal user's account can be compromised and used to send out additional phishing emails.
Never directly respond to a phishing email. If you ever have any suspicion or hesitation about an email message that you receive, you should report that email to abuse@missouri.edu.
How do I report a spoofed or suspicious email?
You can report phishing emails to the University. To do so, open a new email message and address it to abuse@missouri.edu. Drag and drop the phishing email from your inbox into this new email message as an attachment. Sending the questionable email as an attachment preserves the information that our security team needs to analyze the email message.
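Why the attachment matters, shown as an added example that is not part of the original page: the script builds the same report two ways and checks which routing and authentication headers survive. The sample message, all addresses and the function names are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Constructed sample of a suspicious message as delivered (all values made up).
ORIGINAL = b"""\
Received: from mail.example.net ([203.0.113.7])
 by mx.example.edu; Tue, 07 Jul 2020 09:00:00 -0500
Authentication-Results: mx.example.edu; spf=fail smtp.mailfrom=example.net
Return-Path: <bounce@example.net>
From: "IT Help Desk" <helpdesk@example.edu>
To: user@example.edu
Subject: Your password expires today

Click the link to keep your account access.
"""

# Headers an analyst typically needs to trace the real origin.
FORENSIC_HEADERS = ("Received", "Authentication-Results", "Return-Path")

def _new_report(reporter, abuse_addr):
    report = EmailMessage()
    report["From"], report["To"] = reporter, abuse_addr
    report["Subject"] = "Suspicious email report"
    return report

def report_as_attachment(original_bytes, reporter, abuse_addr):
    """Drag-and-drop style report: original travels intact as message/rfc822."""
    report = _new_report(reporter, abuse_addr)
    report.set_content("Reporting the attached message as suspicious.")
    report.add_attachment(message_from_bytes(original_bytes, policy=policy.default))
    return report

def report_as_inline_forward(original_bytes, reporter, abuse_addr):
    """Ordinary forward: only the visible From, Subject and body are copied."""
    original = message_from_bytes(original_bytes, policy=policy.default)
    report = _new_report(reporter, abuse_addr)
    report.set_content(
        f"---- Forwarded message ----\nFrom: {original['From']}\n"
        f"Subject: {original['Subject']}\n\n{original.get_content()}")
    return report

def recoverable_headers(report_bytes):
    """Forensic headers the receiving team can still read from the report."""
    report = message_from_bytes(report_bytes, policy=policy.default)
    for part in report.walk():
        if part.get_content_type() == "message/rfc822":
            inner = part.get_content()  # the attached original message
            return {h: str(inner[h]) for h in FORENSIC_HEADERS if inner[h]}
    return {}
```

The attached report still carries the `spf=fail` result and the sending server's address, while the inline forward shows only the spoofed `From` line the recipient already saw.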
Can I personally opt-out of the external message tagging?
No, the external message tagging is added to all University of Missouri System email accounts to help identify email from unknown sources.
How to submit a request for exemption from the external tag for a major University sending service?
Some University of Missouri System services use cloud systems that are not physically located on campus. In some cases, it may be appropriate for these systems to be exempted from the external tagging because they are a trusted source.
Guidelines for this process:
- Service is specific to the University of Missouri System
- Service is a campus or system standard platform used across several business units
- Service provides a dedicated IP space for their mail servers
- Service has a business need to spoof a University email address
Contact your local campus helpdesk to start the exception process.
Reviewed 2020-07-07