Kent State

Phishing for Knowledge: Kent State's Email Experiment is Testing You

With cybersecurity threats on the rise, the Division of Information Technology launches campaign to help train university community

What's the cost of a click?

Kent State is teaching that exact lesson to the campus community by sending internal phishing emails to see how recipients respond.

Odds are you've received one. If not from Kent State, then from other bad actors. Think back. Have you ever gotten an email or received a text that looked a little off? Maybe a few words are misspelled, the grammar is incorrect, even if it appears to be from someone you know.

Chances are it could be a phishing email.

University Community Tested

Kent State's Division of Information Technology reports that roughly 500 million phishing emails are sent per day, and they are effective. Every 60 seconds, 250 computers are hacked. These breaches cost companies $388 billion a year in stolen business secrets and intellectual property.

The division is working to increase the visibility of phishing scams as part of its cybersecurity operations.  


"Phishing is a type of social engineering-based hacking," James Raber, associate chief information officer from the Division of Information Technology, told Kent State Today. "It typically comes in the form of an email that tries to convince somebody to complete an action, like giving away credentials or data through fraudulent means."

The division's campaign aims to educate and inform the Kent State community about the ramifications of falling victim to phishing scams.

Human Error Is a Major Factor

According to Raber, the campaign started after the metrics of a Verizon annual report were released. The report showed that 74% of all data breaches are grounded in human error.

The overwhelming number of people clicking on phishing emails showed a clear need for education, so the division implemented resources targeting phishing. 

Phishing Emails are Real

Often a highly regarded official's name will be used as the fake contact of the email, such as Kent State's President Todd Diacon or the IT Help Desk. Typical tactics of phishing include asking for personal phone numbers and passwords. Whenever a trusted or important person messages us, we may forgo usual skepticism and send personal information without a second thought. No one, not even the university IT staff, will ask for your password.

Though the division originally started using phishing test emails during last year's Cybersecurity Awareness Month, they've now become recurring.

Phishing emails that looked almost official were sent to Kent State members inviting them to click a link. If they clicked it, they were offered a training module regarding security against phishing.

"We want to make sure that no matter where somebody is in their relationship with the university, whether they're a seasoned veteran or brand new to the university," Raber said, "that they're able to identify fraudulent messages and take appropriate action with those sorts of things."


Taking Phishing Seriously

Flagging suspicious emails helps the division reduce the risk to the Kent State community. And that's what they want all of us to do. Users can flag these emails by forwarding them to phish@kent.edu, so the division can take action and remove any emails from the system before other people even see them, if possible.

The threat is real, and the implications are bigger than some Kent State community members may realize.

Phishing is an important scam to identify because of the information associated with students' FlashLine credentials. With access to that sensitive information, loans can be taken out in a student's name. For all employees, direct deposits can be tampered with. It's more than just your email that is in danger.


Raber said the division has measured its campaign so far to see where there's room for improvement. A low click rate might mean that the Kent State community is able to identify scams but might show they often aren't taking the next step to report the email. On the other hand, a high click rate might mean that the community needs to be trained on how to identify a phishing scam. The goal is to get high reporting rates, with no clicks on any links and no replies containing sensitive information.

Looking Ahead

As phishing was the target for Cybersecurity Awareness Month last October, this fall there will be new themes to focus on, such as password hygiene and managing one's digital identity. Stay tuned for more about those themes coming soon.

So, the next time you get an email that asks for personal credentials or wants you to verify your account, stop, think and forward it to phish@kent.edu first. The division will let you know if something is safe.

Learn more about cybersecurity from the Division of Information Technology.


Here is what to look for to avoid getting phished:

  1. Always check the sender's address.
  2. Unsolicited attachments.
  3. Generic greetings.
  4. Spelling and grammar mistakes.
  5. Links to unrecognized sites or slightly misspelled sites.
  6. Threats or enticements that create a sense of urgency.
  7. Toll-free numbers in suspicious emails that do not match known numbers. 
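
Several of these checks (sender address, generic greeting, urgency, and links whose visible text does not match their real destination or that point to slightly misspelled sites) can be automated when triaging reported mail. The sketch below is an added example, not code from the article or from the division; the trusted domain `university.example`, the keyword lists and the sample message are constructed assumptions, and it handles only a single-part, unencoded HTML body.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

TRUSTED = "university.example"  # assumption: placeholder for the campus mail domain
TEXT_SIGNS = {"generic-greeting": re.compile(r"\bdear (user|customer|student|member)\b", re.I),
              "urgency": re.compile(r"\b(immediately|urgent|suspended|verify your account)\b", re.I)}
ANCHOR = re.compile(r'<a\s[^>]*?href="([^"]*)"[^>]*>(.*?)</a>', re.I | re.S)  # simplified HTML handling
SHOWN = re.compile(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})", re.I)  # host named in the link text

def edit_distance(a, b):  # Levenshtein distance, single-row dynamic programming
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[-1]

def in_domain(host):
    return host == TRUSTED or host.endswith("." + TRUSTED)
def lookalike(host):  # "slightly misspelled": last two labels within 2 edits of TRUSTED
    return not in_domain(host) and edit_distance(".".join(host.split(".")[-2:]), TRUSTED) <= 2

def phishing_indicators(raw):
    msg, found = message_from_string(raw), []
    host = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if not in_domain(host):  # check 1: the sender's address
        found.append(("sender-lookalike:" if lookalike(host) else "sender-external:") + host)
    body = msg.get_payload()  # assumption: single-part, unencoded HTML body
    found += [name for name, pattern in TEXT_SIGNS.items() if pattern.search(body)]
    for href, text in ANCHOR.findall(body):
        dest, shown = urlparse(href).hostname or "", SHOWN.match(text.strip())
        if shown and shown.group(1).lower() != dest:  # what hovering over the link reveals
            found.append(f"link-mismatch:{shown.group(1).lower()}->{dest}")
        if lookalike(dest):
            found.append("link-lookalike:" + dest)
    return found

# Constructed sample message (not a real email).
SAMPLE = """From: IT Help Desk <helpdesk@universty.example>
Content-Type: text/html

<p>Dear user, your account will be suspended. Verify your account immediately:
<a href="http://login.univers1ty.example/reset">https://login.university.example/reset</a></p>
"""

print(phishing_indicators(SAMPLE))
```

A message with no findings is not thereby safe; the output is a triage aid for mail that has already been reported.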

Here is what to do if you suspect getting phished:

  1. Report the email to phish@kent.edu.
  2. Never give out personal or sensitive information based on an email request.
  3. Hover over links in email messages to verify a link's actual destination, even if the link comes from a trusted source.
  4. Type in website addresses, rather than using links from unsolicited emails.
  5. Be suspicious of phone numbers in emails. Use the phone number found on your card or statement or in a trusted directory instead.
POSTED: Friday, September 13, 2024 11:42 AM
Updated: Tuesday, September 17, 2024 01:54 PM
WRITTEN BY:
Caitlyn Soya, Flash Communications