Millersville adopts new anti-phishing measures for Outlook email accounts

A new caution message is displayed on any email that originates outside of the Millersville campus to protect students from phishing attempts or online scams. Millersville's Information Technology department addresses the intrusive nature of this message and how they plan to make it more integrated on mobile devices.

Jared Hameloth
News Editor

You hear a ding from your phone. You know it’s from the Outlook Mail app that you downloaded to check your Millersville emails. You go to check the notification, but you can’t read it, because “[EXT] CAUTION: This email originated from outside of Millersville. Do not click links or open attachments unless you recognize the sender and know the content is safe” takes up all of the room in the notification.

This auto-generated message is part of Millersville’s new anti-phishing measures put in place on Feb. 11 by Information Technology [IT] to curtail scammers from outside of campus. These tools are designed to keep students and faculty safe from falling for phishing attempts and scams.

Josh Hartranft, Millersville’s Director of Technical Support Services, said in an email interview that scamming attempts are more common on college campuses that most would think. “High level personnel changes that are promoted online and in the media are often used to launch spam [and] phishing campaigns. There have been several phishing campaigns in the last six months that have been successful.”

One of these instances occurred last year in early November, when someone under the name of Kerry Regner sent an email to Millersville students and faculty claiming to have a message from President Wubah, according to a ‘Ville Daily Bulletin archive from Nov. 6. 

The subject read “[sic] Memo From PresidentDaniel A. Wubah,” and contained links to outside websites that IT warned students to not click. That ‘Ville Daily was the second sent out that day, because the scam email went around later in the afternoon.

Hartranft explained some of the measures that IT has set up in response to these phishing attacks. “We are using tools such as SPAM firewalls, DNS protection that will block bad links, and education such as Cybersecurity events in October.” These tools are more behind-the-scenes attempts to block attacks, while the new warning message is meant to keep computer safety at the front of students’ minds when using their email.

“The injected [messages] into the subject and the Caution banner are meant to call attention to the source of the email. The tag doesn’t mean that the message is spam, but that it originated from outside of our email servers,” wrote Hartranft. 

But although this caution message is meant to protect students, the message has also been seen as intrusive. When using the Outlook Mail app to access the Millersville email, the subject line is the only readable line from the notification on the homescreen; the rest of the message gets cut off do to the caution message.

“Many people have reported the preview issue,” said Hartranft in response to a question about student disapproval. He mentioned that the message is not user based, but that it is implemented on the email server throughout the entire organization. 

Because of this, there is no setting to turn off the message. Hartranft reassured students about this problem, saying that “we are looking for a way to improve how the banner appears.” There was no timeframe given to the changes for how the message looks, but all the other anti-phishing measures are in place and protecting students.