Phishing Exercises Strengthen Security Defenses

Apr 28, 2021


As phishing attacks grow in sophistication, so does the importance of elevating organizational awareness of these advanced security threats.

Phishing is an email-based cyberattack (‘smishing’ when the attempt arrives by text message, ‘vishing’ when it arrives by voice) that preys on human behavior, using social engineering to get you to click a link or download an attachment. Typically, the phish is disguised as a message from a trusted sender but is designed to get you to reveal private information.

Take Note:

  • Notice that Microsoft is misspelled as Micrasoft
  • Northeastern no longer uses the ‘NEU’ nomenclature
  • To learn more about a call to action or link without engaging with the content, simply hover over the link and a small text box will appear that reveals the full URL. By closely inspecting links and calls to action before engaging, you can verify the legitimacy of the destination.
  • If you’re unsure of the full content of your email, you can always switch to plain text mode. By doing so, the details of all links will be revealed.

Figure 1 Phishing Exercise example: note the ‘clues’ indicating this is a phishing attempt
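The hover check from the list above, automated as an added example (not part of the original article or Northeastern's tooling): it lists each link's visible text beside its real destination in an HTML email body and flags mismatches and near-miss spellings of trusted names. The trusted-domain list, the 0.8 similarity threshold and the sample message are assumptions constructed for illustration.

```python
from difflib import SequenceMatcher
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = ["microsoft.com", "northeastern.edu"]  # assumption: illustrative trusted list

class LinkCollector(HTMLParser):
    """Collects (visible text, href) pairs, i.e. what hovering would reveal."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def host_of(value):
    """Hostname of a URL-like string; '' for ordinary words."""
    value = value.strip()
    if " " in value or "." not in value:
        return ""
    return (urlparse(value if "://" in value else "//" + value).hostname or "").lower()

def inspect_links(html):
    """Return [(text, href, [findings])] for every link in an HTML body."""
    collector = LinkCollector()
    collector.feed(html)
    report = []
    for text, href in collector.links:
        findings, dest, shown = [], host_of(href), host_of(text)
        site = ".".join(dest.split(".")[-2:])  # naive: ignores multi-part suffixes
        if shown and shown != dest:
            findings.append(f"text shows {shown} but link goes to {dest}")
        for good in TRUSTED:
            close = SequenceMatcher(None, site.split(".")[0], good.split(".")[0]).ratio()
            if site != good and close >= 0.8:
                findings.append(f"{site} resembles {good}")
        report.append((text, href, findings))
    return report

# Constructed sample message body (not the email from the exercise).
SAMPLE = ('<p><a href="http://login.micrasoft.example/verify">portal.microsoft.com</a> '
          '<a href="https://www.northeastern.edu/">Northeastern</a></p>')
```

Calling `inspect_links(SAMPLE)` returns two findings for the first link and none for the second.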

The good news is that human behavior and social engineering can also be used to defeat such phishing attempts. Data suggests that, by providing consistent training and presenting realistic phishing examples, phishing attacks can be reduced by up to 90%.

One tool used to help users better understand these threats and reduce attacks is simulated phishing exercises. By presenting augmented emails with corresponding teachable moments, phishing exercises, like the one shared with Northeastern faculty and staff recently, allow users to improve detection and reporting skills. In addition, on-demand Security Essentials training is offered to all Northeastern community members, along with helpful tips on Malware and Phishing Prevention.

As a reminder, here are a few quick steps to take if you receive an email you suspect may be a phishing attempt:

  • Use the Report button in Outlook to let Northeastern know about a suspect message or forward the email to phishcatcher@northeastern.edu.
  • Contact the IT Service Desk (617.373.HELP [4357]) or open a live chat.
