Enhancing cybersecurity awareness with Microsoft’s phishing simulation tool
Training employees to recognize and respond to cyber threats
With phishing attacks becoming more sophisticated and prevalent, staying one step ahead is a necessity. The university’s latest development in the fight against phishing is a new phishing simulation tool powered by Microsoft.
What is a phishing attack?
A phishing attack is a type of social engineering where attackers impersonate legitimate businesses to steal sensitive information. It could be an email from a reputable source with a malicious link or a sophisticated spear-phishing attack tailored to the individual, using multiple sources to ensure the message is relevant to that person.
These attacks are not only common but can also be devastating. According to the Canada Revenue Agency, $544 million was lost to fraud in Canada in 2023.
A successful phishing scam can lead to data breaches, financial loss and reputational damage for institutions. The impact is far-reaching and erodes trust in digital communications.
Training and testing
Regular training and testing are essential components of any robust cybersecurity strategy. This is especially true for staff and faculty, who are often the targets of these attacks due to the vast amount of sensitive information they may have access to.
The university’s Information Security and Compliance team conducts phishing simulations to keep staff sharp, cautious and informed about current trends in phishing and to provide insights into the effectiveness of our cybersecurity awareness initiatives.
Microsoft’s phishing simulation tool
Microsoft’s phishing simulation tool is designed to emulate the tactics of real phishing attempts, providing a controlled environment to test users’ awareness and response.
The tool comes with a diverse set of pre-configured templates that mirror the subtlety and complexity of actual phishing campaigns. These simulations test not only the recipients’ ability to discern phishing emails but also the effectiveness of any existing security measures.
Real-time feedback and learning opportunities
The tool doesn’t just identify success or failure in detecting phishing emails—it provides participants with insights into which elements were most deceptive. When a recipient clicks on a link in the phishing test message and enters their credentials into the corresponding website, they will:
- Be redirected to a page that informs them it was a phishing simulation and shows the parts of the message that were indicators of fraud.
- Have an option to take a short online course as an added learning opportunity.
- Receive an email from the IST Service Desk reminding them that an optional training course is available.
This redirection to real-time learning opportunities makes using Microsoft’s phishing simulation tool a proactive measure to improve our collective cybersecurity.
Report it!
Over the next week, look out for a suspicious message in your Outlook inbox. If any message seems suspicious, report it to spam [at] umanitoba [dot] ca or use the Report phishing menu option in New Outlook and Outlook for the Web.
Cybersecurity requires the active participation of every member of our community. Together, we can reduce our susceptibility to cyber threats and maintain a secure and trustworthy digital environment.
Read about How to recognize a phishing email.
Cyber Security Starts with You!