Phishing Exercises Strengthen Security Defenses

Apr 28, 2021

Home » Security » Phishing Exercises Strengthen Security Defenses

As phishing attacks grow in sophistication, so does the importance of elevating organizational awareness of these advanced security threats.

Phishing is an email cyberattack (or ‘smishing’, for text-message based attempts, and ‘vishing’, for voice attempts) that preys on our human behavior, using social engineering, to get you to click a link or download an attachment. Typically, the content of the phish is disguised as a trusted sender but is designed to get you reveal private information.

Take Note:

  • Notice that Microsoft is misspelled as Micrasoft
  • Northeastern no longer references NEU nomenclature
  • To learn more about a call to action or link without engaging with the content, simply hover over the link and a small text box will appear that reveals the full URL. By closely inspecting links and calls to action before engaging, you can verify the legitimacy of the destination.
  • If you’re unsure of the full content of your email, you can always switch to plain text mode. By doing so, the details of all links will be revealed.

Figure 1 Phishing Exercise example: note the ‘clues’ indicating this is a phishing attempt

The good news is that human behavior and social engineering can also be used to defeat such phishing attempts. Data suggests that, by providing consistent training and presenting realistic phishing examples, phishing attacks can be reduced by up to 90%.

One tool used to help users better understand these threats and reduce attacks is simulated phishing exercises. By presenting augmented emails with corresponding teachable moments, phishing exercises, like the one shared with Northeastern faculty and staff recently, allow users to improve detection and reporting skills. In addition, on demand Security Essentials training is offered to all Northeastern community members, along with helpful tips on Malware and Phishing Prevention.

As reminder, here are a few quick steps to take if you receive an email you suspect may be a phishing attempt:

  • Use the Report button in Outlook to let Northeastern know about a suspect message or forward the email to phishcatcher@northeastern.edu.
  • Contact the IT Service Desk (617.373.HELP [4357]) or open a live chat.

Read More Articles

Tech Updates

Student Tech Update 4/6/21: 5-day loans of laptops and other equipment, and student experience focus groups next week

In this edition, based on students' feedback IT Services has expanded its services in Snell Library to support laptop loans for up to five days. Find more information about that and other resources in this update.

Tech Updates

Faculty and Staff Tech Update 4/6/21: Accessing Zoom recordings in Panopto and how to use Adobe Sign

In this edition, you’ll find resources for signing staff performance evaluations, grading exams, managing your video recordings and information on Back to the Classroom workshops in Boston

Digital Workplace

Background Basics for Virtual Meetings

In a world full of virtual meetings, backgrounds help us add a little fun, camouflage our clutter, and express our hopes and wishes for someday being able to be somewhere other than our home office.