How is my Davidson email protected against phishing?
Davidson Technology & Innovation (T&I, formerly ITS) has added additional protection from phishing attacks and malware in our Office 365 email system.
These improvements, via Microsoft's Advanced Threat Protection (ATP) software, help identify and protect from risky Office 365 email content. ATP helps us better detect and prevent phishing incidents by:
rewriting links to test for dangerous content and warn users if they are attempting to access a malicious site
scanning attachments in a sandbox environment, and blocking emails with attachments that are deemed malicious
allowing T&I to block URLs for localized threats
How does this improve security?
We will receive a more accurate report of who clicked on malicious email links, which enables us to respond to phishing incidents more efficiently.
ATP will protect devices that are both on and off the campus network.
You are less likely to receive emails in your inbox that contain malicious attachments.
If you click on a link known to Office 365 to be malicious -- or is later reported by others at Davidson to T&I as malicious -- you may receive a warning message automatically, or may be contacted by T&I and required to reset your passwords or take other security actions.
What does this mean for you?
Links in your emails may appear different. We would still encourage you to inspect links to ensure they're legitimate by identifying the base URL (highlighted below in yellow) in the rewritten 'safe' link. You will see a safelinkwhen you hover over hyperlinked text:
In a plaintext email, this is an example of what a safelink might look like for www.fedex.com/en-us/tracking.html:
If Office 365 determines that a link is malicious, it will display a warning page, which indicates that the website you are attempting to visit may contain malware or try to steal your confidential information. If you feel confident that the site is not in fact a threat, you may access it at your discretion.
You may occasionally experience a delay when when clicking links, if the link is still being scanned by Office 365. From time to time, you might see a page stating that Office 365 is in the middle of scanning a link. You should be able to click through to your destination once ATP ensures the site is legitimate.
Does this system impact my privacy?
The purpose of this system is to reduce the threat to the college from phishing and malware. Much of the scanning and remediation is done through automated processes. Davidson T&I staff will review the system to determine whose accounts may be at risk when Office 365 detects a known malicious/phishing site, or, when a member of the campus community reports a phishing attempt to T&I. These steps are necessary to help protect you and your personal data, along with Davidson's accounts, electronic resources, and systems.