About phishing education at IU

On this page:


Overview

Note:
To learn how to spot fake email messages and social engineering scams, visit Phishing Education & Training. For online courses on phishing and email security, see Email Security Fundamentals.

In the recent past, several high-profile phishing scams have endangered Indiana University data. The most dangerous attacks do not use cutting-edge technology but rely instead on social engineering to outwit individuals with privileged access into handing over their information. It is the cyber equivalent of a car thief putting on a red blazer, standing outside a fancy restaurant, and stealing cars by impersonating the valet.

Because many of the most threatening phishing episodes are highly contextualized to a unit's leadership, the Office of the Vice President for IT (OVPIT) recommends that IU units conduct internal phishing training and exercises to increase vigilance and effect behavioral change among their staff members. These unit-level efforts are an essential complement to the ongoing university-wide phishing education and exercises conducted by IU Studios.

IU Studios has contracted with Cofense PhishMe for an anti-phishing service that is available to interested schools and departments. PhishMe includes training, simulations, and tools to help participants identify and report suspicious messaging. Reports and analytics for each unit's internal phishing campaigns will be separately maintained by the vendor; IU Studios will not keep a list of those who fail to recognize a simulated phish. While the training, simulations, and tools are designed to work together, units may choose to use components individually.

Self-guided training

The self-guided training from PhishMe will be hosted in Canvas. Several training modules are available for departments to choose from. The online training includes assessments for participants to track their progress. IT Community Partnerships will assist departments in setting up their Canvas phishing training course.

Simulated phishing email

PhishMe Simulator is a service that allows administrators to send simulated phishing email to custom groups. As part of this service, educational resources are made available to individuals who fall victim to phishing simulations. To subscribe to this service, see the IU Studios Store.

Reporting tools

In Outlook for Windows and Mac, the Cofense PhishMe Reporter add-in provides quick reporting of suspected phishing messages.

This is document ajvi in the Knowledge Base.
Last modified on 2020-10-22 13:23:54.