Information Technology Services hosts phishing quiz to prevent hacking

Photo by Alexis Cruz

BY ASHLEY FLAWS

On Oct. 30, Drake University Information Technology Services (ITS) began hosting the second annual phishing quiz for students, faculty and staff at Drake.

The quiz will be available to take until midnight on Nov. 17, and its goal is to bring awareness to Drake’s campus about what phishing is and the consequences that can come as a result of responding to phishing traps.

Carla Herling, the ITS communications manager, defines phishing as people trying to trick others into giving out their personal information over email, texts or social media. They send a link, often disguised as a link people may recognize, along with an urgent message with hopes of getting them to click on the link and enter their personal information. Herling said over 100 million phishing traps are sent to Drake emails each year.

“The idea behind the quiz is that we want to help everyone on campus—faculty, staff and students—learn more about how to protect themselves from phishing,” Herling said. “It’s one of the most common ways that people are hacked, so we want to make sure they know the signs to look for so that if they get something in their email and it looks a little janky or a little suspicious, they know how to identify it, and they can ultimately keep themselves safe.”

Herling has helped the director of information security and compliance, Peter Lundstedt, with developing the quiz since June, with the goal of having the quiz coincide with National Cyber Security Awareness Month in October. The quiz consists of 10 questions in the form of emails that Drake students, faculty or staff may receive. The goal is to look closely for spelling or grammatical errors or anything else that may seem off about the email or the link in the email that could indicate it is a phishing email.

The first 300 people who took the quiz this year received free coupons for a taco from Taco Johns, but anyone can still take the quiz until Nov. 17 and be entered to win one of six prize packages from the Drake Bookstore and local businesses.

Sami Peick, a senior music education major who works for Drake ITS as a student assistant, said that she didn’t know what phishing was until she started working for ITS. She has since realized that phishing is one of those things that people think will never happen to them, and she believes students are often vulnerable to these traps.

“In the era of students right now, technology is growing so constantly and developing so much that there’s constantly new things, so I think that that’s one reason why … we can fall into traps like that,” Peick said.

Giving out personal information to phishing traps could lead to fraudulent activity and identity theft, but another possibility on Drake’s campus is campus data being compromised. This could be a possibility if a faculty or staff member ever unknowingly gives out campus information to a fake website presented in a phishing email.

However, Herling encourages everyone on campus to be vigilant. Herling said things to look out for include misspellings, messages with a weird or urgent tone, unexpected attachments or suspicious links.

“Take a beat and think before you click is probably the biggest advice we can give anyone,” Herling said.

Peick said students need to be aware that phishing can also happen on social media.

“I think that students need to know that it can come from anywhere,” Peick said. “It can be a text message, it can be a social media message, it can be a social media post or it can be on your email. It can even be on Twitter. How pervasive phishing really is is super important for us to raise our awareness to.”

If a student, faculty or staff member fears that they are a victim of a phishing email or phishing content, Herling encourages them to email informationsecurity@drake.edu or peter.lundstedt@drake.edu right away.