University IT Launches Phishing Awareness Service
University IT’s Information Security Office (ISO) is launching a Phishing Awareness Service on September 15 to help you recognize phishing emails and not fall prey to this common tactic.
Unlike general phishing emails, which are sent to the masses in the hope that a fraction of the millions of recipients will fall victim, spear phishing emails are very targeted attacks. They take advantage of personal and professional relationships, organizational hierarchies, and human curiosities — information that is now readily available through social media and professional networking websites.
These emails pose a unique threat to organizations like Stanford, because their high degree of customization often enables them to evade even the best email filters.
“Spear phishing has become today’s most successful cyber attack mechanism, posing one of the greatest challenges to our privacy and security,” said Michael Tran Duff, Assistant Vice President and Chief Information Security Officer.
Customized, simulated emails provide the right level of exposure and education
The Phishing Awareness Service will send simulated phishing emails to departments at Stanford that specifically request this training. The emails are designed to provide a realistic experience in a safe, controlled environment, and allow recipients to become familiar with tactics used in actual phishing attacks. Once a department has opted-in, the ISO team will work with the department representative to ensure that proper communications are sent in advance to the participants.
“When a department elects to participate in the service, initially a large percentage of the participants will likely be tricked by the simulated phishing emails,” said Joe White, Information Security Officer. “But as participation in the program continues, we would expect that percentage to decrease substantially.”
In addition to educating users, the service will also help ISO collect better metrics and information about the ever-changing landscape of email-based attacks in order to better protect the Stanford community from these threats.
To request participation in the Phishing Awareness Service, contact the ISO Consulting Team by submitting a HelpSU ticket.