Skip to main content

[External] Email Tagging

Phishing is among the top security concerns for Information Technology. Personal identifiable information, the primary target of phishing attempts, falling into the wrong hands can cause both financial and reputation damage to the University, students and its employees. Phishing attacks are often launched by including malicious attachments or links in email. When recipients open these malicious attachments or click on the links, it can spark an attack. Most email scams begin with messages from an external email system.

As part of the Villanova University's effort to reduce phishing and other email scams, these external email messages will now receive an [External] tag in the message subject. [External] email tagging makes it as easy as possible for you to recognize phishing attempts wherever we can.

Avoid becoming the next phishing victim

The best defense to avoid being scammed is to be suspicious of any message asking for sensitive information. If the message seems off, it probably is. Trust your gut. Phishing attempts can be clever, but they’re easy to avoid if you know the signs.

external email sample

Most email scams begin with messages from an non-Villanova email (external) email system, when enabled these external email messages will now receive an [EXTERNAL] tag in the message subject. Many safe and legitimate email messages come from external email systems and the [EXTERNAL] tag does not mean the message is a scam or malicious, only that recipients should take caution and read carefully. All email originating from outside the university, except for approved services, will be tagged with this [EXTERNAL] message.   See sample below:

Internal Message Subject Example:

"Datasheet Integrating"

External Message Subject Example:

"[EXTERNAL] Datasheet Integrating"

It’s important to note that an email message with this warning does not necessarily mean the email is malicious – only that the recipient should take caution before clicking any links or attachments included within the email. The [EXTERNAL] tag means you need to stop and think about this email:

  • Is it from a sender you know? Were you expecting the email? Verify with your friend or co-worker over the phone if you are unsure or if the email seems a bit off.
  • If there is a link in the message, Don’t click it!  Instead, hover over the link to verify legitimate, or manually enter the known good URL into your browser.
  • Does the message make sense? A legitimate message would not ask you to provide your credentials to maintain your account access.