Staff and Faculty E-Mail Policy Update


Starting December 1st, 2020, staff and faculty may not auto-forward email to external e-mail systems. To increase protection on university-based email accounts and in line with Harrisburg University's Electronic Mail Communication Policy, features that allow automatic forwarding or automatic redirecting of emails to external e-mail systems will be disabled.


Why? 

Cyber criminals continue to exploit user trust through fraudulent phishing emails. If an account is compromised, the threat actor signs in and enables auto-forwarding on the mailbox to an external account. With access to the user’s email, the threat actor can:

  • Craft extremely topical and convincing spear phishing messages to other users, enabling them to compromise additional accounts until the threat actor reaches the target.
  • Spoof convincing emails (known as BEC) to re-route payments to bank accounts they control.
  • Access confidential HU information such as student, personal or research data.

Business Email Compromise (BEC) is a form of social engineering in which a scammer impersonates vendors or bosses in order to trick employees into transferring funds to the wrong place. If the scammer is using auto-forward, they may be able to see specific details about projects or services being carried out and gain a better sense of the formatting, tone, and style of invoices or transfer requests. This can then be used to create fake invoices for actual services that require payment.


If you have any questions or concerns, please reach out to OIS.