Phishing email simulation summary infographic

Infographic results of phishing email

Phishing for fraud prevention

Online tax-phishing simulation - Think Before You Click!

March 28, 2018 —

Recently, Information Security & Compliance sent all U of M employees a simulated phishing email during National Fraud Prevention Month in March. The simulated phishing email pretended to be from the university’s payroll department and contained the subject line, “Important notice regarding your tax information.”

Compared to last year’s simulation at U of M, a similar simulated phishing email, this simulation saw a decrease in the number of people who clicked the link and an increase in the number of people who reported the email as suspicious.

Here is a summary of the simulation results:

376 or 6.8 per cent of users clicked on the link, a decrease from 10 per cent last year
366 users reported the email to spam [at] umanitoba [dot] ca (compared to 208 total reports last year)
151 users reported the email to the Service Desk
Everyone who clicked on the link was redirected to an infographic on how to recognize phishing emails

While fewer employees clicked on the link this year, 376 clicks is still a large number of individuals who thought it was a legitimate email.

To avoid falling for a tax-phishing scam, use these tips:

Check if the URL is correct. Don’t be misled by sites claiming to be a government agency or tax-software company, but have a slightly different URL.
Verify the sender. Don’t assume an email is legitimate by looking at the header– it’s easy to fake a From: or Reply-to: Call the sender to confirm the request is legitimate.
Don’t open it. Most tax-related government agencies do not initiate contact by email, text message or social media. If the email mentions tax forms, it is likely a scam.
Bookmark tax software websites. Navigate only to trusted sites by using bookmarks.
Educate yourself. Take the Competition Bureau’s Fraud Quiz to test your ability to recognize a scam.

About email simulations

Simulated email messages provide a realistic experience in a safe and controlled environment. They are designed to help us recognize and resist tactics used in real phishing attacks.

Periodic simulations will continue as a part of the university’s Cyber Security Awareness Campaign.

Remember, information security starts with you!

For more information about phishing attacks, visit the Information Security and Compliance web page at http://umanitoba.ca/computing/ist/security/phishing.html.

IST Communications

IST, security, Staff

VP Evolution Project enables Entra MFA for VIP/ESS access on April 3

The VIP Evolution project is a multi-year project, with dedicated resources from Information Services and Technology (IST), Human Resources and Payroll, led by a project board of leaders from across the UM community. The project’s focus is leveraging VIP functionality, reducing risk, and improving the user and employee experience.

Recognizing and combating fraud this tax season

Tax season is a heady time for fraudsters who hope to take advantage of seasonal anxiety to scam Canadians out of their money. Of course, tax season isn't the only time scammers have their way. Two common types of fraud that often threaten organizations are phishing and business email compromise (BEC) scams. These frauds are meticulously designed to appear credible, often leaving individuals and businesses vulnerable to significant losses.