Phishing education

phish·ing
noun
The activity of defrauding an online account holder of confidential information by posing as a legitimate company.

We’ve all been the target of a phishing attack. Whether it’s a warning of an expiring email account or an “urgent message” from a financial institution, these attacks put the confidential information of our students and employees at serious risk, and require significant personnel and technology resources to resolve.

Faculty, staff, and students of Drake are no exception, and the attackers have been making their email attacks even more difficult to spot. Several of the attacks recently spotted have used a forged copy of our webmail login page to convince people to give up their username and password.

The login page below is from an email phish that we received, but there’s nothing on the page giving it away. The page gives the appearance of legitimacy but is designed to steal passwords and information.

phishing

However, the URL at the top gives it away. As you can see, pilatesg.com isn’t affiliated with Drake or with Microsoft, our email provider. If you are ever asked by email to take an urgent action regarding your account, go to the page you know and trust rather than following a link.

Drake webmail is located at: outlook.com/drake.edu

Links to safe login pages for Blackboard, blueView, EMS, and more are also located at the following pages:

www.drake.edu/facstaff/

www.drake.edu/students/

If you think you’ve received a legitimate email but aren’t sure, don’t take chances! Call Client Services at 515-271-3001 or email informationsecurity@drake.edu. If you think you may have already opened a malicious link, call or email right away to get your password changed.

Drake utilizes a service called PhishMe to provide education on these types of attacks—what attackers are after, how they get through our spam filter, how to spot them, and, most importantly, what to do if you’ve been targeted. For more information on phishing and how to avoid becoming a victim, please visit the DTS Information Security website.

—Submitted by Jeffrey Sabin, Information Security Officer