Phishing Exercises Strengthen Security Defenses

Apr 28, 2021


As phishing attacks grow in sophistication, so does the importance of elevating organizational awareness of these advanced security threats.

Phishing is an email-based cyberattack (called ‘smishing’ when it arrives by text message and ‘vishing’ when it arrives by voice) that uses social engineering to prey on human behavior and get you to click a link or download an attachment. Typically, the phish is disguised as coming from a trusted sender but is designed to get you to reveal private information.

Take Note:

  • Notice that Microsoft is misspelled as Micrasoft
  • Northeastern no longer references NEU nomenclature
  • To learn more about a call to action or link without engaging with the content, simply hover over the link and a small text box will appear that reveals the full URL. By closely inspecting links and calls to action before engaging, you can verify the legitimacy of the destination.
  • If you’re unsure of the full content of your email, you can always switch to plain text mode. By doing so, the details of all links will be revealed.

Figure 1: Phishing exercise example. Note the ‘clues’ indicating this is a phishing attempt.

The good news is that human behavior and social engineering can also be used to defeat such phishing attempts. Data suggests that, by providing consistent training and presenting realistic phishing examples, phishing attacks can be reduced by up to 90%.

One tool used to help users better understand these threats and reduce attacks is the simulated phishing exercise. By presenting augmented emails with corresponding teachable moments, phishing exercises, like the one shared with Northeastern faculty and staff recently, allow users to improve detection and reporting skills. In addition, on-demand Security Essentials training is offered to all Northeastern community members, along with helpful tips on Malware and Phishing Prevention.

As a reminder, here are a few quick steps to take if you receive an email you suspect may be a phishing attempt:

  • Use the Report button in Outlook to let Northeastern know about a suspect message or forward the email to phishcatcher@northeastern.edu.
  • Contact the IT Service Desk (617.373.HELP [4357]) or open a live chat.
