New phishing awareness campaign to launch in February

A fish viewed from above

According to Gartner, up to 90 percent of data breaches start with a phishing email and phishing schemes have been increasing over 18 percent year over year. Phishing is the attempt to trick people via email into giving up sensitive information, such as their username and password, by impersonating official communications or official web sites.

Starting in February 2021, the Security, Compliance, and Risk Management team will be kicking off a series of internal phishing training campaigns. We will send fake phishes that simulate real-world phishing attacks, first to the IT Services division and then to various departments around campus. The campaign will educate our community on how to better identify phishing messages, and allow us to gather metrics to optimize our anti-phishing program.

Here are a few key points to keep in mind:

  • These simulated phishing emails will do no actual harm, and will collect no credentials or other sensitive information.
  • We will not report anyone to their supervisors, managers, Human Resources, etc., under any circumstances as part of the program.
  • Those who fall for the fake phishing attack will be presented immediately with a phishing awareness webpage so that they can better learn how to identify real from fake messages, and to help increase awareness of this problem.

Check out our Phishing Awareness website!