Phishing attack methods are evolving

Attackers are constantly looking for a weak link within an organization that can be used to gain a foothold. Once inside, they are free to steal information or money, or wreak havoc on critical systems. Quite often, that weak link is us. When we open links and attachments that we don’t recognize or appear too good to be true, we invite in those that seek to cause us harm.

Over the last six months, security researchers have found that attack methods are evolving. As more organizations provide better education and advanced filtering tools, phishers are improving their grammar usage, spelling, and formatting to convince recipients to let down their guard. We must continue to stay one-step ahead of their tactics.

ITS will send out emails in April that use these same tactics. When you receive any email, slow down and take a second look before acting. Look carefully for ‘red flags’ throughout the message, including the sender, subject, overall message content, links, and attachments. If you receive an email that you suspect may be phishing, forward the email as an attachment to informationsecurity@drake.edu.

Additional training will be assigned to individuals who repeatedly click links or open attachments in phishing emails, simulated or not.

For more information on how to report phishing emails, see the IT Service Portal guide, Reporting a Phishing Message (How-to).

— Peter Lundstedt, ITS