About phishing education at Indiana University

To learn how to spot fake email messages and social engineering scams, visit Phishing Education & Training. For online courses on phishing and email security, see Email Security Fundamentals.

In the recent past, several high-profile phishing scams have endangered university data. The most dangerous attacks are not using cutting-edge technology, but rather rely on social engineering to outwit a person with privileged access into handing over information. It is the digital equivalent of a car thief putting on a red blazer, standing outside a fancy restaurant, and stealing cars by impersonating the valet.

Given that many of the most threatening phishing episodes are highly contextualized to a unit's leadership, VPIT recommends that units engage in their own internal phishing education and internal phishing exercises. The goal of education and internal phishing exercises is a behavior change towards increased vigilance by everyone.

UITS has contracted with PhishMe for an anti-phishing service that is available to interested schools and departments through IT Community Partnerships (ITCP). PhishMe includes training, simulations, and tools to help participants identify and report suspicious messaging. Reports and analytics for each unit's internal phishing campaigns will be separately maintained by the vendor; UITS will not keep a list of those who fail to recognize a simulated phish. Local efforts are essential as one more layer to reduce incidences of phishing through education and exercises as UITS continues to educate across the whole university. IT Pros were briefed on this plan in May 2016. While the training, simulations, and tools are designed to work together, a unit may choose to use components individually.

Self-guided training

The self-guided training from PhishMe will be hosted in Canvas. Several training modules are available for departments to choose from. The online training includes assessments for participants to track their progress. IT Community Partnerships will assist departments in setting up their Canvas phishing training course.

Simulated phishing email

PhishMe Simulator is a service that allows administrators to send simulated phishing email to custom groups. Simulator includes a library of phishing email templates and customizable options for training for those who are deceived. Administrators can generate detailed reporting for both the self-guided training and simulated phish services.

An example of a simulated phishing message follows:

Sample email message

Those who fall for the simulated phish will see a training page, such as the following example:

Sample warning

Reporting tools

In Outlook for Windows and Mac, the PhishMe Reporter add-in provides quick reporting of suspected phishing messages.

Getting started

Interested schools and departments should contact talk2uits@iu.edu for details and pricing.

This is document ajvi in the Knowledge Base.
Last modified on 2018-08-07 12:04:35.

Contact us

For help or to comment, email the UITS Support Center.