A Message from our Interim CIO:

Information technologies, like artificial intelligence or our new Canvas learning management system, support the mission of the University. To benefit from these innovations and manage the risks, all of us must train in cybersecurity and exercise critical thinking against threats.
-Dr. Pablo G. Molina

A Message from our Acting CISO:

October is National Cybersecurity Awareness Month, a time to focus on how we protect ourselves and the Drexel University community online. I encourage all students, faculty and staff to stay alert.

This year’s theme, Stay Safe Online, reminds us that cybersecurity is everyone’s responsibility. Threats are evolving rapidly, including AI-driven scams, phishing and ransomware. Simple actions like using strong passwords, enabling multifactor authentication and keeping software up to date help keep our data safe. Our best defense is critical thinking. If something seems suspicious, report it in Outlook or ask our team.

In line with Drexel’s academic transformation, phishing simulations will now run twice a year. We’ve also added AI awareness modules to the mandatory annual information security training for faculty and staff.
-Josep Riera Vuibert

The Surge of Digital Scams

Cybercriminals are increasingly weaponizing everyday technologies such as CAPTCHAs, QR codes, job postings, and AI-driven deepfakes to deceive individuals and organizations. Fake CAPTCHAs and malicious QR codes can lead to phishing sites or malware downloads, while fraudulent job listings caused over $220 million in reported losses in the first half of 2024, according to the FTC. Deepfake attacks using realistic video, audio, and images are growing rapidly. Forbes reported that in 2024, one occurred every five minutes and deepfakes accounted for 40% of all biometric fraud. To stay protected, verify QR code sources and URLs, research job postings carefully, stay skeptical of unusual requests, and stay informed about emerging threats.
If you or someone you know may be a victim of a scam or cyber-attack, contact Drexel Public Safety at https://drexel.edu/publicsafety and report it to the FBI at https://www.ic3.gov.

Stay Safe: Authenticate

According to Microsoft, multifactor authentication (MFA) blocks over 99% of account compromise attempts. Drexel encourages everyone to use MFA to protect their accounts. The Microsoft Authenticator app is preferred over SMS or phone calls because it provides stronger protection. As AI-driven threats like deepfakes, phishing, and voice spoofing grow more sophisticated, vigilance is essential. The Information Security team conducts phishing simulations every semester to strengthen our community’s defenses. Always be skeptical of unsolicited messages, verify sender identities, and be cautious of urgent requests. If you suspect phishing in your Drexel account, report it immediately. For guidance on how to report suspicious emails, visit: https://drexel.edu/it/security/report-abuse/.

Cybersmart: Protecting People, Data, & Devices 

According to the 2025 Verizon Data Breach Report, overall incidents in the education sector declined, but system intrusions remain the leading attack pattern. Financially motivated external actors primarily use malware (42%) and hacking (36%), and ransomware accounted for 30% of malware cases, highlighting persistent risks to schools and institutions. As cyber threats evolve, strong security habits are essential. Your vigilance helps protect our systems and strengthens Drexel’s cybersecurity. Here are some practical tips you can apply right away:

• Think Before You Click: Be cautious when opening or clicking links, especially from unknown or unexpected sources.
• Enable Multi-Factor Authentication (MFA): Using the Microsoft Authenticator app instead of SMS or phone calls provides stronger protection.
• Update Systems and Software: Regularly install updates and patches to protect against vulnerabilities. Staying current with supported systems is essential for security and compliance. For example, Windows 10 is now end-of-life and no longer receives security updates, leaving devices exposed to attacks. Upgrading or replacing such devices ensures continued access to the Drexel networks and modern protections.
• Be Cautious with AI Tools: AI platforms may store or reuse your input. Avoid entering sensitive data and treat AI as public-facing.

For more guidance, visit our Best Practices page.

Dust Up On Your Cyber Knowledge

Get the knowledge you need to protect yourself and others from phishing, job scams, and deepfake attacks by taking the Drexel University Security Training (D.U.S.T.). The updated course includes AI-focused modules to help you recognize and defend against emerging threats. Completing the training strengthens your cybersecurity awareness and earns you a SANS security certificate. Students, faculty, and staff can sign up at https://drexel.edu/it/security/awareness-program/dust-self-enrollment/

Information Security Resources

Stay informed about cybersecurity news, common scams, FAQs, and other information, visit the Drexel Information Security website at drexel.edu/it/security.

For tips on information security while learning and working remotely, please visit the Information Security Best Practices webpage.

Report any cybersecurity incident to informationsecurity@drexel.edu.