As previously announced, campus has begun a phishing awareness campaign. Phishing is the use of email messages in an attempt by hackers and cybercriminals to steal personal information or hijack computing resources. An email was sent to campus employees and students that mimicked a phishing email that has targeted our organization. The purpose of this email was to give hands-on experience in what a phishing email looks like. Those of us that fell prey to this simulated phishing attack were presented with an educational video about how to improve at identifying phishing.

Signs of Phishing

Below is the simulated phishing email that was sent to campus. We’ve noted the signs that this was not a legitimate email. Individually these signs might not be definitive, but collectively they should make it apparent that this was a phishing email.

As always, if you’re unsure about the validity of an email or website contact IT Support Services for assistance.

Simulated Phishing Campaign Results

The simulated phishing campaign was broken into two groups: employees and students. If you are both an employee and a student you may have received two simulated phishing emails. Below you can see the results of this campaign.

Employees

Students

We are planning future phishing awareness campaigns, including more simulated phishing emails. We hope that improved awareness of the signs and dangers of phishing will reduce the number of compromised campus accounts and resources and help protect campus data.

More information about phishing is available at http://www.csuchico.edu/isec/basics/spam-and-phishing.shtml

More information about the PhishMe simulated phishing tool is available at http://www.csuchico.edu/isec/tools_resources/phishme.shtml