In March 2018, ITS implemented a change within the University’s email system, placing a label at the top of the message body for all emails coming from non-Drake senders. Designed to help recipients pay attention to the source of incoming messages and reduce the likelihood of compromise, it has made a noticeable difference in our security awareness efforts.

Over time, however, the label has become increasingly inconspicuous, and we’ve received feedback that it blends in with the email body.

On July 7 we’ll be updating the look of the label with different wording and color for better prominence. Examples of the new label are shown below.

As a reminder, email labeling is an automated process that does not examine message content, only the message sender. This labeling does not indicate whether a message is malicious, it just informs recipients that message is not from a Drake sender. Every email you receive, especially those from unknown senders and/or containing links or attachments should be carefully reviewed before acting.

Please contact me with any questions, at informationsecurity@drake.edu.

— Peter Lundstedt, ITS

The College of Pharmacy and Health Sciences’ BullD.O.G.S. (Drake Opportunities for Gaining Skills) in Healthcare program will take place July 25–27 on Drake’s campus. All high school students in grades 10–12 during the 2019–2020 academic year are welcome to attend.

BullD.O.G.S. in Healthcare introduces students to careers in healthcare by educating them on opportunities in health sciences and inspiring them to explore different pathways.

Students will participate in hands-on laboratory experiences, educational sessions, and interactive discussions with students and faculty in the College of Pharmacy and Health Sciences to understand how to best prepare for a career in healthcare. A special emphasis is placed on promoting careers in athletic training, occupational therapy, and pharmacy.

The overarching goal of the program is to expose students to a wide variety of healthcare opportunities and educate them about how they can best prepare for a career in the health professions.

If you know of a high school student interested in a career in healthcare, please encourage them to register. Registration closes Friday, July 5, 2019 at 12 p.m. Due to the costs involved in providing an overnight experience on campus, there is a $200 registration fee. Financial assistance may be available to students who qualify. Payments will be accepted through Friday, July 5 at 12 p.m. Participants who have not paid the registration fee by this date will forfeit their spot in the program. Refunds will not be granted for cancellations made after July 5.

For more information about the program’s goals, activities, and requirements, visit the College of Pharmacy and Health Sciences website, or contact Jessica Lang, Director of Enrollment Services, at jessica.lang@drake.edu or 515-271-3018.

Can you spot an impostor?

If someone claiming to be your supervisor, director, or dean sent you an email from an unrecognized address with a one-word question, would you respond? These attacks are surprisingly effective, taking advantage of our trust and the way we interact with our colleagues. It’s also extremely difficult for security technologies to stop these attacks because there are no infected email attachments or malicious links to detect.

How does the attack work?

In most cases, the criminals are after money, and what makes these attacks so dangerous is the research they do prior to launching their attack. For example, if they are targeting you, they would determine the identity of your department chair or manager. Then they’ll craft a series of urgent emails pretending to be them and asking you to take an action such as wiring money, purchasing gift cards, or sending a sensitive document, always outside an established process.

Protecting yourself

Common sense is your best defense. Here are some clues to watch for if you get an email that you suspect might be from an imposter:

• • The email will be very short (potentially just a few words).

• • There’s a strong sense of urgency, pressuring you to ignore or bypass standard practices. You should always follow established procedures, even if the email appears to come from leadership or administration.

• • The email is work-related but comes from a non-Drake email address, like gmail.com or hotmail.com. These emails will nearly always have an [External Email] label.

• • The email appears to come from a leader, co-worker, or vendor you know or work with, but the tone seems different.

• • Payment instructions are provided, but differ from ones you may have already received, such as payment to a different bank account.

If you receive a request that appears to be from an impostor, stop all interaction with them and report the message by emailing it to informationsecurity@drake.edu or submitting a request at service.drake.edu/its. ITS will continue to provide phishing education in June using emails that simulate real attacks.

—Peter Lundstedt, IT Communications