Nearly every week there’s a news story about a new phishing attack. Attackers are constantly looking for weak links within an organization to exploit for access to critical systems. As the public becomes more aware of these attacks, the attackers have to evolve. Because their methods are always changing, we continue to send out monthly emails to test faculty and staff using the latest phishing tactics.

Every time you receive an email, slow down and take a second look before acting. Look carefully for red flags throughout the message, including the sender, subject, overall message content, links, and attachments. If you receive any email that you suspect may be phishing, forward the email as an attachment to informationsecurity@drake.edu. It’s better to be safe than sorry.

ITS will assign additional training to any individuals who repeatedly click links or open attachments in phishing emails, simulated or not. Our campus information is too valuable to ignore any weak links we may be providing.

For more information on how to report phishing emails, see the IT Service Portal guide, Reporting a Phishing Message (How-to).

— Peter Lundstedt, ITS