CAMPUS NOTICE

 

OFFICES OF THE CHIEF INFORMATION SECURITY OFFICER,
UC SAN DIEGO AND UC SAN DIEGO HEALTH

April 15, 2020


ALL ACADEMICS, STAFF AND STUDENTS AT UC SAN DIEGO Including Health

SUBJECT:    New URL Defense Service Makes Emails Safer

As part of UC San Diego's commitment to helping protect the university’s
networks and data, IT Services and Health IS are launching a new email
security feature on April 16, 2020. In our modern era, particularly with
an increasingly mobile and remote workforce as well as remote learning,
email protection is a priority. The university’s existing email security
tool prevents external email with known malicious URLs from reaching
your inbox. This new feature, called URL Defense, will further protect
against seemingly harmless URLs that make it into your inbox but become
malicious thereafter, thus exposing you to security threats if you click
on them.

If you click on a URL in your email that is safe, you will be directed
to the corresponding website. If you click on a URL that leads to a
malicious website, you will see a notification explaining that you have
been blocked from accessing it.

With this service activated, how you view URLs in emails may look
different. The URL will be "rewritten" and prepended with
"https://urldefense/v3_" followed by the actual URL. Depending on the
type of email, you'll see the "rewritten" URL when you hover your cursor
over the link, or you'll see the "rewritten" URL directly in the email
body. Note that seeing “rewritten” URLs will require a change in
mindset, as you’ve likely been conditioned to only click URLs you
immediately recognize.

You do not have to do anything to activate this new feature; it will be
automatically available when checking UC San Diego email on any network,
in every location, from any device. This is true for members of our
Health organizations as well as campus.

IMPORTANT NOTE: MAINTAIN EMAIL LINK VIGILENCE

The implementation of URL Defense minimizes email security risks, but it
does not guarantee that every link contained in the incoming, external
email to @ucsd.edu or @health.ucsd.edu is safe to click. Please continue
to exercise caution when reviewing embedded links. For more information
on detecting phishing messages, including tips for examining embedded
URLs, see the information at
https://blink.ucsd.edu/technology/email/security/url-defense.html.

ROLLOUT SCHEDULE AND HELP

While over 1,000 users have been testing URL Defense, we have decided to
accelerate the deployment of this service, thus shortening our usual
testing period significantly. This is in response to the exceptional
increase in coronavirus-related phishing attacks on the campus
community. Working with and with the support of the Campus Academic IT
Committee of the Faculty Senate, we will enable URL Defense on Thursday,
April 16.

If you experience any difficulties, take note of the following help
channels:
Campus users:
*Visit https://servicedesk.ucsd.edu
*Email servicedesk@ucsd.edu
*Call (858) 246-4357

Health users: *Visit https://uchealth.service-now.com/ess_ucsd/
*Email 3help@ucsd.edu
*Call (619) 543-4357 or Ext. 3-HELP



Michael Corn
Chief Information Security Officer
UC San Diego Campus

Ken Wottge
Chief Information Security Officer
UC San Diego Health