According to a recent industry study, phishing attacks grew by 29% in 2021. A phishing attack occurs when an email, text message, or other type of communication appears to come from a reputable source when it’s actually from a cybercriminal. The message may ask for an account’s username and/or password, wire transfer information, or it may simply instruct the recipient to click on a link, or open an attachment.

Cybercriminals often target students, faculty, and staff. This is especially true in the wake of the global coronavirus pandemic, when those in higher education may be distracted, stressed, and/or exhausted, making them more likely to click on phishing emails.

When phishing attacks succeed, the wider campus community is at risk. The average University employee handles a tremendous amount of data; whether that’s behavioral information, financial information, or attendance records. In addition, the average employee likely deals with more than 10,000 emails per year.

The most important thing you can do to protect yourself and Drake against phishing attacks is to think before clicking. 

• Is the greeting strange?
• Does the URL look phony?
• Is someone asking for access that seems out of the ordinary?
• Is there anything else that looks off?

Listen to your gut. If anything seems strange, call the sender to make sure it’s legitimate.

The best means of combating phishing fraud is by raising awareness about phishing. ITS continues to simulate phishing and assign training to those most susceptible. If you believe you’ve been targeted by phishing, see Reporting a Phishing Message (How-to).

— Chris Mielke, ITS