In January, an email simulating a phishing attack was sent to just over 400 staff; 96 percent of those who received the email either didn’t open the email, or didn’t click the suspicious link inside it. These results show that Drake employees are continuing to improve their identification and avoidance of these potential threats.

Indications that an email may be dangerous:

• A strange sender, or one that you don’t expect
• A request that you take ‘urgent’ or ‘immediate’ action
• Links or attachments that don’t match the message content or that you don’t recognize.

Slow down and take a second look before taking action.

ITS will continue to send out simulated attacks to faculty and staff. If you receive an email that you suspect is phishing, don’t click any links, download any attachments, or reply. Instead, forward the email as an attachment to informationsecurity@drake.edu.

Additional training will be assigned to faculty and staff members who repeatedly click links or open attachments in phishing emails, simulated or not.

For more information on how to report phishing emails, see the IT Service Portal guide, Reporting a Phishing Message (How-to).

— Peter Lundstedt, ITS