Security, Training

February Phishing Awareness Campaign

As part of a phishing awareness campaign, an email that mimicked a phishing email was sent to campus in February. About 8% of those of us who opened this email were found susceptible to phishing. This is lower than the 16% from a similar campaign in December. February's campaign differed from December's in that it linked to a page that asked for credentials to be entered, instead of just linking directly to educational material. Unfortunately, about half of those who clicked on the link then provided credentials. Had this been an actual phishing attempt, this would have allowed these accounts to be compromised and put the campus at risk.

Here is what the email looked like, with some signs that it was not legitimate noted:

Clicking on the link in the email brought you to a login page. Here is what that page looked like, with some signs that it was not legitimate noted:

Simulated Phishing Campaign Results

The simulated phishing campaign was broken into two groups: employees and students. If you are both an employee and a student, you may have received two simulated phishing emails. Below you can see the results of this campaign.

Students

Employees

We are planning future phishing awareness campaigns, including more simulated phishing emails. We hope that improved awareness of the signs and dangers of phishing will reduce the number of compromised campus accounts and resources, and help protect campus data.

More information about phishing is available at http://www.csuchico.edu/isec/basics/spam-and-phishing.shtml

More information about the PhishMe simulated phishing tool is available at http://www.csuchico.edu/isec/tools_resources/phishme.shtml
