In response to increasing of email impersonation and phishing attacks, the Office of Information Technology has enabled new security features for Boise State Gmail accounts.
You may begin seeing warning messages when you open an email message that Google suspects may be spoofing or phishing, similar to below:
If you receive an email containing one of the following warnings, please treat the message with caution:
“A sender similar to a name in your organization”
This means you are communicating with someone who is not using a @boisestate.edu address. This could be someone’s personal account, or could be a spoofing attempt.
Closely read the message header information to be sure.
“A message that could not be verified that it came from the domain”
Verify the message is real by contacting the person or company purporting to have sent the message, using means other than replying to the email.
If the message turns out to be fake, use the Report Phishing button in the warning message to let Google know it should treat that message as malicious.
The more people who report a verified phishing email, the faster malicious email messages are removed or blocked by Google.
What is email spoofing?
Email spoofing is a method of impersonating someone else when sending an email.
Some spoofing is legitimate, such as when a trusted application sends a message to students from a university department email address.
However, malicious spoofing occurs when untrusted or unauthenticated sources send email pretending to be from a university domain, person, or email address.
Spoofing is a powerful part of email phishing attacks, which use social engineering to trick people into providing sensitive information such as passwords or other data that can be used to compromise identities and systems.
How does Google protect us from spoofing?
With the recently-enabled security features, Google prominently displays a yellow warning message when you open a message that cannot be verified.
There are a few scenarios that may trigger these warnings:
- A message sent from an unauthenticated email domain
- A message sent from an email domain that is visually-similar to ours
- A message sent from an email address and display name that is similar to a boisestate.edu account (e.g., Jane Doe <firstname.lastname@example.org>)
What should I do if my identity is being spoofed?
The Office of Information Technology secures Boise State’s email domain to help prevent email spoofing, either blocking unauthenticated messages or displaying these prominent warnings so recipients will know a spoofed email is not actually from you.
If you or someone else receive messages that you did not send—especially if Google does not flag them as suspicious—please report them to the Help Desk.
Contact the Help Desk at (208) 426-4357 or email email@example.com for additional information about these Gmail security features.