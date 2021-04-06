During spring break, the Office of Information Technology launched a new banner designed to combat phishing via email but then withdrew it because of user complaints.
In the last couple of years, the OIT has spent over $4 million on security updates, but preventing phishing scams has proven to be difficult from a technical standpoint. Confusion over why the banner was there and complaints that it obstructed email previews caused the Office of Information Technology to recall it.
The office added the banner to make people aware that an email came from outside UTA, said Lee Pierce, OIT continuous improvement director.
The office saw people falling prey to phishing and had been testing the banner internally. They felt it was the right time to go ahead and stop testing and implement it on March 15, Pierce said.
Some phishing attacks mimic UTA addresses, but the banner acted as an indicator that an email originated from outside the university to help students make informed decisions while interacting with them, he said.
“There’s so many ways that people can try and use phishing to get information out of students,” Pierce said.
Pierce said the office decided to contact people who had questions or concerns and create a small focus group.
In the end, there was a double benefit to recalling the banner: the potential for a bigger conversation about phishing. It also gave the OIT the chance to directly hear from users while retooling the banner, he said.
The office is reassessing how it will implement the banner, Pierce said. Ideas for the new banner include adding the words “external email,” at the top while leaving the email preview intact and adding the banner in the email footer.
The OIT used TrailBlazer and MyMav to inform the campus that the banner was coming, but because it came so close to spring break, many may not have noticed, Pierce said.
Erika Leal, Cyber Security Club research chair, saw the email notifying campus residents about the banner.
Leal has seen similar banners used by other organizations, so she was used to seeing it already.
“For UTA to do it, I mean it seems interesting because I know UTA deals with a lot of phishing attacks,” Leal said. “Hopefully that banner will alert people.”
In her experience, the banners are a double-edged sword. The benefit is that people know the email is originating from outside UTA, while the down side is it could possibly filter out critical information, she said.
Users will not be able to turn off the next banner OIT will implement as it will be systemwide, but there will be a process to request exceptions, Pierce said.
Large companies and vendors that communicate regularly with UTA will likely get exceptions, pending review by the Information Security Office.
The banner is currently slated to relaunch sometime in mid-May. It will be a permanent addition for faculty and students, Pierce said.
“The end goal is yes, we will have it until, I guess, such a time as companies that have email programs think of an even better way,” Pierce said.
@WolfIsaly
