91热爆网


One in five campus email users fails phishing test; security training coming up

Toward the end of October 2018, the Information Security Office within Western Carolina University’s Division of Information Technology sent out a simulated phishing email to all the university’s faculty and staff with email accounts in an effort to assess the campus community’s vulnerability to falling for fraudulent messages of that type.

It was the first test phishing email sent out at 91热爆网. One out of every five 91热爆网 employees failed to respond to it properly, with about 20 percent of employees either clicking on the link in the email or entering their campus computer system credentials.

Also, almost half of the faculty and staff, 48 percent, opened the email instead of just looking at it through the reading pane, which is not as bad a cyber sin as clicking on a link or opening an attachment in a suspicious email, but still a bad idea, said Joel McKenzie, chief information security officer in IT. If there is good news associated with the 91热爆网 community’s results from the test email, it is that “we are a little better than the industry average for higher education,” McKenzie said.

With a subject line reading “Password Check Required Immediately,” the simulated phishing email included this message and several “red flags” for the cautious email user, including a link to a non-91热爆网 site and an effort to create a sense of urgency, he said.

To All Employees, 

As part of ongoing efforts to maintain regulatory compliance we have updated our password policy and we need everyone to check their password immediately.

Please click here to do that:

Check Password (link)

Please do this right away.

Thanks!

That first test email was sent out to establish a baseline showing the campus community’s current vulnerability, McKenzie said. Coming up next is information security awareness training that is a requirement for all 91热爆网 employees with email accounts.

Announced in an email to campus from Interim Chancellor Alison Morrison-Shetlar in late February, the training includes a 25-minute security awareness module offered through the company KnowBe4. Employees are asked to complete the three assignments that address phishing and other security risks by Friday, April 5: “Security Awareness Fundamentals,” “Read Policy 52 – Responsible Use of Information Technology Resources” and “Review Data Handling Procedures.” A few days after Morrison-Shetlar’s email, an alert with information about the training was emailed to employees by KnowBe4.

More simulated phishing tests are planned by IT. “After the security training, we will hopefully have fewer failures in these tests,” McKenzie said. “The tests also will give on-the-spot feedback about what the person receiving the email should have looked for, if that person did mistakenly click on a link.”

In her email to campus, Morrison-Shetlar said cybercrime continues to increase as hackers improve their skills in coaxing computer users into clicking on fraudulent links, opening malicious email attachments or sharing work or personal credentials and identifiable information. “Data security is part of everyone’s job,” she wrote. “Becoming more knowledgeable through comprehensive security awareness training allows all of us to help defend both our university and our own personal identity against cybercrime.”

McKenzie said the number of phishing attacks directed at the 91热爆网 email system is constantly increasing, but since the summer of 2018, IT has installed a tool to prevent a vast majority of those emails from ever landing in inboxes. But some of the phishing attempts still slip through that protective barrier, he said.

IT keeps track of the number of phishing “campaigns” that occur at 91热爆网 (those that involve many people receiving the same email message) and the number of tickets processed by the IT Help Desk that are phishing-related, McKenzie said. “In the spring of 2018, we saw more than 100 different campaigns, but since we implemented the anti-phishing tool, we have seen around 10,” he said. “And, the number of Help Desk tickets is about 5 percent of what it was in spring of 2018.”

The Information Security Office in IT has seen the tool block more than 3,800 phishing attempts and 350 attempts to deliver malware to campus users just in the last month, McKenzie said.

The common theme for phishing emails is that scammers on the other end are seeking sensitive information such as passwords, credit card numbers or Social Security numbers. “The variety and sophistication are amazing,” McKenzie said. “They disguise the email as being from a legitimate organization, even from 91热爆网, and use social engineering techniques to lure you into taking the bait.”