OIT recently implemented a new email security service, Abnormal Security, which uses advanced detection models to protect against email attacks that exploit human behavior, such as phishing, social engineering and account takeovers. Abnormal Security reviews only emails that have already passed our Microsoft Defender Quarantine service, bringing greater scrutiny and nuance to phishing detection in direct response to campus feedback for improved email security.
Over the past year, CU Boulder students have lost thousands of dollars to phishing attacks while faculty and staff have had their paychecks impacted, lost control of their personal data, and had their accounts used to attack students and other faculty and staff members. As the sophistication and cost of cyber attacks against our community continue to grow, our email security must evolve in sophistication to better protect the campus community.
If Abnormal Security identifies an email as malicious, the email is blocked. Blocked emails can be recovered if reported to the IT Service Center within 30 days of expected receipt. Automatic blocking saves you the time of reviewing and reporting suspicious emails while better protecting your data and identity.
OIT has been piloting Abnormal Security for six months and has seen a minuscule false positive rate (less than 0.00004% of all incoming email) in that time. A false positive is when an email is incorrectly identified as malicious and blocked. During the six-month pilot, Abnormal Security detected and would have stopped 793,000 advanced attacks from reaching members of our campus community. OIT reviews Abnormal Security logs daily for false positives, proactively contacts recipients if a suspected false positive is discovered, and continues to train the system to reduce this possibility.
OIT constantly evaluates the email security landscape and will continue to adjust the tools available to help protect personal information and university data.