Simulated Phishing Email Campaign - Update

August 26, 2018

Thank you for participating in the simulated phishing email training exercise conducted in July. Some of you might have been surprised at how sophisticated next generation phishing has become and how easy it was to fall for it.

Good job identifying and not clicking on the phishing links!

75% of UCSC employees successfully identified or did not respond to the first phish sent in July. The second phish had an even higher success rate of 98%.

See below for details of each phish and tips that might have alerted you that these were phishing emails.

Google also provides email alerts and messages to be careful for those using the Google email web client.

Feedback - we want to hear from you!

If you have feedback on this phishing training exercise, please complete this survey here: https://goo.gl/forms/oDhuY4wLDuydksOe2

There is no shame in falling for a phishing email, however the risk comes when you take a next step such as open the attachment, provide personal information, or login to a fake website with your legitimate credentials. This phishing campaign was designed to help all of us recognize and correctly handle phishing emails. Phishers continue to target email users because they get results, our email addresses are publicly known so we can expect to be targets.

As a reminder, Identify, React and Report! For more information see: https://its.ucsc.edu/news/report-phishing.html

Reporting to ITS as soon as you receive an email that you think might be a phish enables the help desk staff to work with security and technical teams to take action to reduce risk of the phish being successful, such as:

  • Blocking access to malicious links inside the email message from within campus networks
  • Purging known phish emails from users inboxes

We had over 900 reports to the help desk from the phishing campaign. Everyone who reported the simulated phish has been entered into a drawing for one of five $25 Amazon gift cards. These are legitimate gift cards and winners will be contacted by email and phone by September 7.

We’re in this together, and together we can be more secure!

If you have questions, please submit an IT Request ticket at https://itrequest.ucsc.edu or contact the ITS Support Center by email help@ucsc.edu, telephone 459-HELP (4357), or in-person at Kerr Hall Room 54.

Phish 1, sent July 12, 2018

 Undeliverable Phish Email Image

Phish 2, sent July 24, 2018

Amazcard Phish Email Image