Email phishing education

The phishing education scenario in March went to 500 faculty and staff and 81% of the people that received the email avoided opening the attachment. It was designed to mimic a highly effective ransomware campaign, which resulted in the loss of data for thousands globally. The email and attachment are designed to lock files and prevent access to them unless a ransom is paid, and even then, there’s no guarantee.

Late last year, Coastal Carolina University was scammed out of over half a million dollars after thieves used clever phishing emails designed to look like an official vendor. This story and countless other headlines are stark reminders of why phishing training is so important.

This week we will be sending out another simulation email to 500 random faculty and staff members. If you receive the email and submit any information, you’ll be directed to an educational page. Participating in training like this is an effective and risk-free way to learn about the dangers of phishing and help protect individual and campus data. If you have questions or concerns about this training or any other IT security issues, please contact informationsecurity@drake.edu.

If you ever receive an email you suspect is phishing, simulated or not, please forward it as an attachment to informationsecurity@drake.edu.

—Peter Lundstedt, Information Security Manager