ARCHIVED: About phishing education at IU

This content has been archived, and is no longer maintained by Indiana University. Information here may no longer be accurate, and links may no longer be available or reliable.

On this page:

Overview
Self-guided training
Simulated phishing email
Reporting tools

Overview

Note:

To learn how to spot fake email messages and social engineering scams, visit Phishing Education & Training. For online courses on phishing and email security, see Email Security Fundamentals.

In the recent past, several high-profile phishing scams have endangered Indiana University data. The most dangerous attacks do not use cutting-edge technology but rely instead on social engineering to outwit individuals with privileged access into handing over their information. It is the cyber equivalent of a car thief putting on a red blazer, standing outside a fancy restaurant, and stealing cars by impersonating the valet.

Because many of the most threatening phishing episodes are highly contextualized to a unit's leadership, the Office of the Vice President for IT (OVPIT) recommends that IU units conduct internal phishing training to increase vigilance and effect behavioral change among their staff members. These unit-level efforts are an essential complement to ongoing university-wide phishing education.

Self-guided training

The self-guided training from PhishMe will be hosted in Canvas. Several training modules are available for departments to choose from. The online training includes assessments for participants to track their progress. IT Community Partnerships will assist departments in setting up their Canvas phishing training course.

Reporting tools

In Outlook for Windows and Mac, the ARCHIVED: Cofense PhishMe Reporter add-in provides quick reporting of suspected phishing messages.