UM Today UM Today University of Manitoba UM Today UM Today UM Today
News from
Information Services and Technology
UM Today Network

National Fraud Awareness Month – Phishing Education

Simulated phishing email helps users recognize and become more resilient to real attacks

April 28, 2017 — 

At the end of March, as part of National Fraud Awareness Month, the Information Security & Compliance team in collaboration with the Office of Risk Management – Security Services, sent all employees a simulated phishing email that imitated a real attack. The email pretended to be from the university’s Human Resources department and contained the subject line, “Important notice regarding your recent tax filing with CRA”.

A summary of the results from the March simulation is below:

  • The simulation email was sent to 5,950 faculty and staff.
  • 587 users clicked on the link (9.87%).
  • 208 users reported the email to spam@umanitoba.ca
  • 183 users reported the email to the Service Desk.
  • 19 phone calls and 12 emails to the Payroll Help Desk.

Compared to previous tests in October and January, this simulation saw a rise ­— from 4% to almost 10% — in the number of users who clicked the link.   Users who reported the email commented that this one was particularly well done.  The U of M branding, the closing from HR, the reference to the CRA and university T4 information coupled with receiving the email during tax season, were all very convincing and may have accounted for the higher percentage of clicks in this simulation.

Users who clicked the link were presented with an infographic showing ways to recognize phishing emails.

Simulated emails are designed to provide a realistic experience in a safe and controlled environment. They help users recognize and become more resilient to tactics used in real phishing attacks.

Periodic simulations will continue in order to educate users on how to recognize phishing attacks and help prevent cyber security exploits.

Remember, information security starts with you!

For more valuable information about phishing attacks, visit the Information Security and Compliance web page at http://umanitoba.ca/computing/ist/security/phishing.html
If you have any questions, please contact the Service Desk at 204-474-8600 or servicedesk [at] umanitoba [dot] ca. If you receive a suspicious email, delete it or forward it to spam [at] umanitoba [dot] ca.

, , ,

© University of Manitoba • Winnipeg, Manitoba • Canada • R3T 2N2

Emergency: 204-474-9341