Phishing Exercises Strengthen Security Defenses

Apr 28, 2021


As phishing attacks grow in sophistication, so does the importance of elevating organizational awareness of these advanced security threats.

Phishing is an email cyberattack (or ‘smishing’, for text-message-based attempts, and ‘vishing’, for voice attempts) that preys on human behavior, using social engineering to get you to click a link or download an attachment. Typically, the phish is disguised as coming from a trusted sender but is designed to get you to reveal private information.

Take Note:

  • Notice that Microsoft is misspelled as Micrasoft
  • Northeastern no longer references NEU nomenclature
  • To learn more about a call to action or link without engaging with the content, simply hover over the link and a small text box will appear that reveals the full URL. By closely inspecting links and calls to action before engaging, you can verify the legitimacy of the destination.
  • If you’re unsure of the full content of your email, you can always switch to plain text mode. By doing so, the details of all links will be revealed.

Figure 1 Phishing Exercise example: note the ‘clues’ indicating this is a phishing attempt
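The hover and plain-text checks above can also be run over a saved HTML message body. The following is an added example, not code from Northeastern: it lists each link's visible text next to its real destination and, going slightly beyond the hover tip, flags hostnames that nearly match an expected name, as with the "Micrasoft" clue. The `EXPECTED` names, the 0.8 similarity threshold, and the `.example` hosts in the sample are assumptions constructed for illustration.

```python
import re
from difflib import SequenceMatcher
from html.parser import HTMLParser
from urllib.parse import urlsplit

EXPECTED = ("microsoft", "northeastern")  # assumed names a reader expects to see
# Matches link text that is itself a URL or hostname; group 1 is the host shown.
URLISH = re.compile(r"^(?:https?://)?([\w-]+(?:\.[\w-]+)+)(?:[/:?#]\S*)?$", re.I)

class _Links(HTMLParser):  # collects (visible text, href) for each <a> element
    def __init__(self):
        super().__init__()
        self.links, self._href, self._buf = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._buf = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._buf.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((" ".join("".join(self._buf).split()), self._href))
            self._href = None

def lookalike(host):
    """Return the expected name that a host label nearly, but not exactly, matches."""
    hits = (name for label in host.split(".") for name in EXPECTED
            if label != name and SequenceMatcher(None, label, name).ratio() >= 0.8)
    return next(hits, None)

def audit(html):
    """Show each link as plain-text mode would (text plus real URL), with warnings."""
    parser = _Links()
    parser.feed(html)
    report = []
    for text, href in parser.links:
        host = (urlsplit(href).hostname or "").lower()
        shown, near, warnings = URLISH.match(text), lookalike(host), []
        if shown and shown.group(1).lower() != host:
            warnings.append(f"text shows {shown.group(1).lower()} but link goes to {host}")
        if near:
            warnings.append(f"{host} resembles '{near}'")
        report.append({"text": text, "href": href, "host": host, "warnings": warnings})
    return report

# Constructed sample body, not the message used in the exercise.
SAMPLE = (
    '<p>Mailbox full. <a href="http://login.micrasoft.example/reset">Verify account</a></p>'
    '<p><a href="http://portal.phish.example/x">https://www.northeastern.edu/policy</a></p>'
    '<p><a href="https://www.northeastern.edu/">Northeastern</a></p>')
```

Calling `audit(SAMPLE)` returns one entry per link; an empty `warnings` list means neither check fired, not that the destination is verified.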

The good news is that human behavior and social engineering can also be used to defeat such phishing attempts. Data suggests that, by providing consistent training and presenting realistic phishing examples, phishing attacks can be reduced by up to 90%.

One tool used to help users better understand these threats and reduce attacks is simulated phishing exercises. By presenting augmented emails with corresponding teachable moments, phishing exercises, like the one recently shared with Northeastern faculty and staff, allow users to improve their detection and reporting skills. In addition, on-demand Security Essentials training is offered to all Northeastern community members, along with helpful tips on Malware and Phishing Prevention.

As a reminder, here are a few quick steps to take if you receive an email you suspect may be a phishing attempt:

  • Use the Report button in Outlook to let Northeastern know about a suspect message or forward the email to phishcatcher@northeastern.edu.
  • Contact the IT Service Desk (617.373.HELP [4357]) or open a live chat.
