MU IT Phishing Campaign
Frequently Asked Questions
Email continues to be the most common method used by cyber-criminals to gain unauthorized access to an organization’s resources. Why spend the time trying to hack an application when you can send a phishing message and trick someone into giving up their login credentials?
I am pleased to announce the launch of a new phishing simulation component which we expect to use in our cyber security awareness program at our university. As the Chief Information Security Officer, I believe that creating a culture of security awareness and education is an essential part of mitigating the risks and preventing cyber-attacks.
Each of the messages will feature a new twist or increasing level of sophistication. This is meant to help build the recipients confidence in recognizing and reporting suspicious e-mail messages. Our goal of these phishing simulations is to help build awareness, not ‘name and shame’. We trust this approach instills a culture of good information security practice for all members of our university community.
We can’t do this alone, so please be prepared to provide us with your feedback in the coming weeks as you receive these phishing emails. Thank you for your participation and support and as each of us has a role in protecting our university’s cyber security.
Week 0 | Week 1 | Week 2 | Week 3 | Week 4 | Week 5 |
---|---|---|---|---|---|
Phishing Awareness Training | Obvious Phishing | Unconvincing Phish | Somewhat Convincing Phish | Convincing Phishing | Very Convincing Phish |
Will I know if I get phished?
Each email sent out by the IT department is designed off of phishing emails we have received in the past. Should you click on one of our phishing emails, you will be notified from out security suite and be asked to complete phishing awareness training.
How will I know if I get phished?
The phishing campaign is designed with user training in mind. If you clicked on one of our campaign emails links, that’s OK! This campaign is designed first and foremost with user-training in mind. We understand that each member at Marshall University has varying levels of experience in
How do I know the emails will be from Marshall University IT?
There will be an initial announcement for your faculty or student group about the phishing campaign. In the following weeks thereafter you will receiving a series of “phishing” emails from our department. Depending on the complexity of the email and whether any links or attachments were clicked, you will receive training that will help you practice
Should you click on our phishing emails, there will be follow up training assigned to you from the Microsoft Windows security suite from
How often does the Marshall University IT department send out phishing campaign emails?
Marshall University plans to send out phishing awareness emails on a department by department basis selected at random. Prior to email deployment, your faculty or student group will receive an announcement email of the upcoming phishing campaign for your group.
What should I do if I get phished?
If you click on a suspicious email and you do not receive any training links sent by our IT department, contact us as soon as possible as may be victim to a legitimate phishing scam.
What do I if I think I have received a phishing email?
In the Microsoft 365 Outlook Web app, you are able to report a phishing email as spam. Simply right click the suspected email, hover over the “report” tab, and click on the “report phishing” option.
Each semester, Marshall University IT department initiates a phishing awareness campaign to educate students and faculty about the dangers of phishing. Marshall University IT department is dedicated to creating a cyber secure campus instilling cyber-awareness to all involved parties. Deploying a phishing campaign is one of the ways that our department
If I report a phishing email, should I use the report phishing Outlook feature or should I directly report at phishing@marshall.edu?
It is best to use the report phishing feature on the Outlook web app. Not only does this forward us a copy of the phishing email you receive, it also tells Microsoft to filter out any similar emails or phishing behavior from your device, preventing the frequency of phishing emails you receive and improving the quality of your University web services.*
*Note this feature only works when using Microsoft 365, Outlook web app, and Outlook Mobile app.
For any further phishing campaign related questions, click here at: https://www.marshall.edu/it/services/ and login in with your MyMU credentials