Have you ever wondered what happens when someone in the Clark community gets a phishing email? How does ITS respond to help protect the security of our technology and information?
A prime target for attackers is your Clark Account. Clark Accounts are trusted by folks inside and outside of Clark, so emails sent from our accounts are usually delivered, read, and considered reputable. When an attacker has access to your account, they will often use it to send lots of emails, frequently to thousands of people, because each recipient is then getting a message from a trusted source and is more likely to take action.
So, what does ITS do? Before messages even appear in your mailbox, AI systems look for red flags that would suggest that the email is a phishing attempt. To do this, the systems examine metadata, identify patterns in language, and recognize misleading links, attachments, and embedded content. (Don’t worry – Clark’s Appropriate Use Policy and Email Policy govern the use of these systems, who may access them, the content they review, and what approvals are required.)
For example, a message from someone you don’t normally get email from that urges immediate action via a link to an external website is less likely to be delivered to your inbox. Over 1/3 of the messages sent to Clark are deemed malicious and are not delivered to your inbox. That’s about 1 million messages a month during the academic session.
However, detection is not perfect, and occasionally a message will get through our automated systems. If you see a suspicious message, report it using the Phish Alert Button in Outlook. This will trigger some automated and some people-led processes to confirm whether the message is malicious. If it is, ITS will take a number of actions, including blocking anyone on campus from accessing any malicious links in the email, removing similar messages from other inboxes, and identifying anyone who may have already clicked on a link so that we can help to secure their account.
Cybersecurity can be thought of as a high-stakes game. The attacker’s goal is to compromise as many accounts as possible, and our goal is to stop them as quickly as possible. So, remember, you are the first line of defense. By stopping and considering the emails you receive, especially those that ask for action and come from people you don’t often correspond with, you can help keep Clark and your personal data safe and secure.
