Did you click the link?
Tax-season phishing simulation email catches fewer
Information Security & Compliance sent all U of M employees a simulated phishing email during National Fraud Prevention Month in March. The same phishing simulation was used last year. As it did then, the email pretended to be from the university’s payroll department and carried the subject line, “Important notice regarding your tax information.”
Compared to last year, the simulation saw a slight decrease in the number of people who clicked the link — 6.7% compared to last year’s 6.8%.
The results also showed that of the 6.7% who clicked the link, many were repeat offenders.
“Given the global coverage of our community, this is not surprising,” says David Treble, IT Security Officer. “Sometimes users travelling outside the country are more apt to click links that stress urgency or action, as they may not wish to be inconvenienced while travelling. Other times a phishing email may be timed nicely with real life events, like tax time.”
Regardless, the trend over three years of the same phishing simulation shows a gradual decrease in staff and faculty who click the link.
To avoid falling for a tax-phishing scam, follow these three simple tips:
- Don’t open it. Most tax-related government agencies do not initiate contact by email, text message or social media. If the email mentions tax forms, it is likely a scam. Either delete the email or forward it to spam@umanitoba.ca for review.
- Verify the sender. Don’t assume an email is legitimate by looking at the header: it’s easy to fake a From: or Reply-to: field. Call the sender to confirm the request is legitimate.
- Check if the URL is correct. Don’t be misled by sites claiming to be a government agency or tax-software company. Hover your mouse over any link to see the URL it really points to. Make sure URLs are spelled correctly too.
Think before you click!
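The second and third tips can also be checked mechanically. The Python sketch below is an added example, not code from the university; it flags a Reply-To domain that differs from the From domain, and links whose visible text shows one host while the underlying href points to another. The sample message and every `.example` domain in it are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message (not a real email); all domains are reserved example names.
SAMPLE = """\
From: Payroll <payroll@university.example>
Reply-To: payroll@payroll-update.example
Subject: Important notice regarding your tax information
Content-Type: text/html; charset="utf-8"

<p>View your form at
<a href="http://tax-forms.example.net/login">https://hr.university.example/tax</a>
or see our <a href="https://hr.university.example/help">help page</a>.</p>
"""

def domain_of(address):
    """Lower-cased domain part of an address header value."""
    return parseaddr(address)[1].rpartition("@")[2].lower()

def reply_to_mismatch(msg):
    """True when Reply-To is present and uses a different domain than From."""
    reply_to = msg.get("Reply-To")
    return bool(reply_to) and domain_of(reply_to) != domain_of(msg.get("From", ""))

class LinkCollector(HTMLParser):
    """Collects (visible text, href) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def deceptive_links(html):
    """Links whose visible text is a URL on a different host than the href."""
    parser = LinkCollector()
    parser.feed(html)
    return [(text, href) for text, href in parser.links
            if text.lower().startswith(("http://", "https://"))
            and urlparse(text).hostname != urlparse(href).hostname]
```

A matching Reply-To domain or matching link text does not prove a message is genuine; these checks only surface the two mismatches the tips describe.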
About email simulations
Simulated email messages provide a realistic experience in a safe and controlled environment. They are designed to help us recognize and resist tactics used in real phishing attacks.
Periodic simulations will continue as a part of the university’s Cyber Security Awareness Campaign.
Remember, information security starts with you!
For more information about phishing attacks, visit the Information Security and Compliance web page at http://umanitoba.ca/computing/ist/security/phishing.html.