New Phishing Experiential Learning and Reporting
Phishing and social engineering attacks are an increasing threat to the University. In ITS, we have implemented a wide range of technologies to prevent the vast majority of the phishing emails from reaching your inbox. Still, that does not prevent a few of these emails from reaching your inbox several times a month. An important layer of our protection is what is often called the "human firewall." Your educated and informed vigilance is one of last barriers of defense when external scammers have evaded all previous defenses.
With this collaboration, we have been largely successful in keeping the University safe from those who would steal our information and disrupt our educational and business processes. In ITS, we have provided educational opportunities as well as tools to help you discern phishing, spam, and malware attempts from legitimate email. The [EXTERNAL] tag in the subject line, among other tools provides an indication of which emails are coming from outside the institution and could potentially indicate a threat.
We have encouraged you to report phishing emails to the helpdesk. We understand that the process to report phishing emails is somewhat labor-intensive and disrupts other tasks. We are now making it easier to report phishing emails...a simple link (inside of Outlook) that submits your suspected email for review. The "Phish Alert" link (just above the body of the email-Please see attached) is one-click button to inform us of emerging concerns that could trick other employees. Look for the "Phish Alert" link in your Outlook email software soon.
Additionally, we have now enrolled all our users into an educational campaign that is designed to teach our campus users how to better discern and respond to phishing emails. On a regular, ongoing basis, we will send you emails (through a service called "Knowbe4") that appear to be phishing emails. When you spot these (or any suspected phishing email), report the email through the "Phish Alert" link. If you are tricked by the email (clicking on potentially problematic attachments or links), the system will let you know that you responded to a phishing email and show you how you can better discern future phishing emails. As we run through this experiential learning program, we are hopeful that we can further build our "human firewall." If you have any questions, please contact the ITS Helpdesk (firstname.lastname@example.org 607.871.2222).
Attachment: Phish Alert Link in Outlook
Submitted by: Gary Roberts