About phishing education at Indiana University

Note:
To learn how to spot fake email messages and social engineering scams, visit Phishing Education & Training. For online courses on phishing and email security, see Email Security Fundamentals.

In the recent past, several high-profile phishing scams have endangered university data. The most dangerous attacks are not using cutting-edge technology, but rather rely on social engineering to outwit a person with privileged access into handing over information. It is the digital equivalent of a car thief putting on a red blazer, standing outside a fancy restaurant, and stealing cars by impersonating the valet.

Given that many of the most threatening phishing episodes are highly contextualized to a unit's leadership, VPIT recommends that units engage in their own internal phishing education and internal phishing exercises. The goal of education and internal phishing exercises is a behavior change towards increased vigilance by everyone.

UITS has contracted with PhishMe for an anti-phishing service that is available to interested schools and departments through IT Community Partnerships (ITCP). PhishMe includes training, simulations, and tools to help participants identify and report suspicious messaging. Reports and analytics for each unit's internal phishing campaigns will be separately maintained by the vendor; UITS will not keep a list of those who fail to recognize a simulated phish. Local efforts are essential as one more layer to reduce incidences of phishing through education and exercises as UITS continues to educate across the whole university. IT Pros were briefed on this plan in May 2016. While the training, simulations, and tools are designed to work together, a unit may choose to use components individually.

Self-guided training

The self-guided training from PhishMe will be hosted in Canvas. Several training modules are available for departments to choose from. The online training includes assessments for participants to track their progress. IT Community Partnerships will assist departments in setting up their Canvas phishing training course.

Simulated phishing email

PhishMe Simulator is a service that allows administrators to send simulated phishing email to custom groups. As part of this service, some educational resources are also made available to individuals when they fall victim to a simulated phishing scam. To subscribe to this service, see the WebHelp site.

Reporting tools

In Outlook for Windows and Mac, the PhishMe Reporter add-in provides quick reporting of suspected phishing messages.

This is document ajvi in the Knowledge Base.
Last modified on 2019-03-28 15:06:15.

Contact us

For help or to comment, email the UITS Support Center.