Recent steps taken to reduce phishing attempts

Dear Faculty, Members, and Staff,

Over the past few months we have seen an increase in the number of tageted attacks against the Institute's email systems. In order to mitigate future attacks, Computing has taken several steps to better protect our email systems. This includes realigning our spam and phishing filters to better match vendor best practices, and establishing outbound email throttling to prevent widespread distribution of spam from the Institute.

Following these changes, we also make the following recommendations:

1. We recommend that you check your spam folder occasionally to understand how the new policies are affecting your normal mail flow.

2. If you forward your IAS email to another site (e.g. Gmail), please be aware that due to the recent attacks, some sites may have identified email from IAS as spam.

3. Please remember that IAS Computing will never ask you to input your password when clicking on a link from an email without fair warning. Any such request, especially those of an urgent nature, should be viewed with extreme skepticism. If you have entered your username and password from a phish, please change your password and contact your Helpdesk immediately.

4. If you have received a message you believe is a phish, or are suspicious that an email is a scam, we recommend that you forward a copy of the message to phish@ias.edu for further analysis. If the email is indeed a phish, it will be added to our Phish-bowl on the security website (under resources). The Phish-bowl keeps a current list of phishes that you can check. [the Phish-bowl was decomissioned in September 2022]

If you have further questions about these changes, or encounter any problems as a result, please contact your Computing Helpdesk at your convenience.

- Jeff

p.s. You can view a copy of this announcement on the IAS Security website here: https://security.ias.edu/summer-2017-email-changes