Take a BITE out of phish!
New cyber threats surface every day, but one kind of threat persists as one of the most common and effective. Phishing remains a favorite of cybercriminals because it bypasses technical security controls and attacks the people rather than the systems.
Phishing is an increasingly common and dangerous cyberattack perpetrated using email. Hackers and scammers, often pretending to represent familiar organizations like the IRS or a bank, send out emails that contain links to malicious sites or malware-infected attachments. Their intent is to trick unsuspecting people into surrendering their personal information or even control of their devices.
To help raise awareness about phishing attacks, the University has launched the Secure UD "Take a BITE out of phish!" campaign.
This campaign empowers the University community to protect itself and uses simulated phishing attacks to challenge employees to become more aware of the threats they face.
Employees are encouraged to forward all suspicious emails to firstname.lastname@example.org.
For annotated copies of simulated phishing emails used in the "Take a BITE out of phish!" campaign, visit the Secure UD Threat Alerts blog.
Take a BITE out of phish!
- What is phishing?
- What's the danger to me?
- How can I learn more?
- How can I spot a phishing email?
- How can I verify if an email is legitimate?
- How do I report a suspicious email?
- What do I do if I fall for a phish?
- How else can I help raise awareness?
- What should I do with a phishing email?
- What about attachments and links?
The "Take a BITE out of phish!" campaign
In order to raise awareness about phishing attacks, their consequences, and how to avoid becoming a victim, the University has launched the Secure UD "Take a BITE out of phish!" campaign.
Here's how it works:
- Each month, a random sample of employees will be sent a test email that simulates the kinds of emails being used by real cybercriminals.
- Employees who receive suspicious emails should forward them to email@example.com (whether they think it's part of the test or not).
- If an individual falls for one of the test phish, they'll see a message about the "Take a BITE out of phish!" campaign and some clues that could help them identify phishing emails in the future.
The tests are non-punitive; employees will not be punished for falling for one of the simulated phish. However, everyone is strongly encouraged to treat all suspicious emails as potentially dangerous. Although the test emails are not malicious, real phishing attacks are a persistent threat and must be treated as such.
Members of the University community can help warn others about potential phishing attacks by forwarding suspicious emails to firstname.lastname@example.org. Reports may be included in the Secure UD Threat Alerts blog.
IT will review reported emails and help you determine whether they're part of the "Take a BITE out of phish!" campaign, real phishing attacks, or potentially legitimate emails.
To keep informed of current threats to our community, or to check if an email you received is part of a reported phishing attack, check Secure UD Threat Alerts regularly. You can also follow @ITatUD on Twitter; the IT Twitter feed includes new posts to Secure UD Threat Alerts.
Test emails sent as part of the "Take a BITE out of phish!" campaign will be featured on Secure UD Threat Alerts after each monthly test.