Phishing for fraud prevention
Online tax-phishing simulation - Think Before You Click!
Recently, Information Security & Compliance sent all U of M employees a simulated phishing email during National Fraud Prevention Month in March. The simulated phishing email pretended to be from the university’s payroll department and contained the subject line, “Important notice regarding your tax information.”
Compared to last year’s simulation at U of M, which used a similar simulated phishing email, this simulation saw a decrease in the number of people who clicked the link and an increase in the number of people who reported the email as suspicious.
Here is a summary of the simulation results:
- 376 or 6.8 per cent of users clicked on the link, a decrease from 10 per cent last year
- 366 users reported the email to spam [at] umanitoba [dot] ca (compared to 208 total reports last year)
- 151 users reported the email to the Service Desk
- Everyone who clicked on the link was redirected to an infographic on how to recognize phishing emails
While fewer employees clicked on the link this year, 376 clicks is still a large number of individuals who thought it was a legitimate email.
To avoid falling for a tax-phishing scam, use these tips:
- Check if the URL is correct. Don’t be misled by sites that claim to be a government agency or tax-software company but have a slightly different URL.
- Verify the sender. Don’t assume an email is legitimate by looking at the header; it’s easy to fake a From: or Reply-to: field. Call the sender to confirm the request is legitimate.
- Don’t open it. Most tax-related government agencies do not initiate contact by email, text message or social media. If the email mentions tax forms, it is likely a scam.
- Bookmark tax software websites. Navigate only to trusted sites by using bookmarks.
- Educate yourself. Take the Competition Bureau’s Fraud Quiz to test your ability to recognize a scam.
About email simulations
Simulated email messages provide a realistic experience in a safe and controlled environment. They are designed to help us recognize and resist tactics used in real phishing attacks.
Periodic simulations will continue as a part of the university’s Cyber Security Awareness Campaign.
Remember, information security starts with you!
For more information about phishing attacks, visit the Information Security and Compliance web page at http://umanitoba.ca/computing/ist/security/phishing.html.