This campaign was a “benchmark” scenario allowing us to compare how susceptible campus is compared to other organizations. 2% of campus employees were found susceptible compared to a 1% average for other organizations.
This scenario looked like a voice mail notification:
The PLAY button linked to a generic sign in page:
Almost 1,000 employees opened the email and almost half of those clicked on the link. About one fourth of employees who clicked on the link submitted data in the fake sign in page.
Neither the email nor the sign in page look like those used by campus systems. If you are unsure of the source or validity of an email you should not click on links, open attachments, or supply credentials or other data. Contact ITSS if you need assistance determining the validity of an email or web page.