Phishing Awareness Campaign Results: January – July 2018
The Office of Information Technology’s (OIT) 2018 Phishing Awareness Campaign is halfway through the year, and the results show employees continue to stay alert by reporting suspicious emails. See the mid-year progress chart below detailing the January – July scenarios, the subject line, and the type of mock phishing email sent (containing a link or attachment). The results show the overall number of employees reporting exceeds the overall number of employees who clicked the link or attachment.
Remember, reporting malicious emails is the BEST option. Report the email to the PhishTrap mailbox using the Report Phishing tool located on the Microsoft Outlook toolbar or within the O365 portal.
IT Security will analyze the emails and, if found legitimate, return the email to you.
Although OIT has security protocols in place to protect against malicious emails, cyber criminals are constantly developing new techniques designed to bypass security measures. To help you make an informed decision when determining the legitimacy of an email, consider taking the Cybersecurity e-courses within MC Learns. The e-courses are short videos that provide employees with the skills needed to detect malicious emails.
Another security tool available to all employees is two-factor authentication (2FA), a second level of verification of your identity. This added layer of security will help decrease O365/MyMC account compromises. To learn more about 2FA and enroll, please visit https://mcblogs.montgomerycollege.edu/itprojects/2fa/faqs/.
For any technology-related questions or issues, please contact the IT Service Desk:
- by clicking on the IT Service Desk icon on your desktop
- by email at firstname.lastname@example.org
- by web chat on OIT’s web page at http://cms.montgomerycollege.edu/oit
- by phone at 240-567-7222
2017 Phishing Awareness Campaign Results
The Office of Information Technology (OIT) conducted a Phishing Awareness Campaign in 2017 in an effort to educate the Montgomery College community on how to identify and report suspicious emails to the PhishTrap.
Although Montgomery College is becoming more vigilant in detecting suspicious emails, there is always room for improvement. The email scenarios sent in March, June, October, and November were designed to mirror the real-world threat of credential harvesting. As shown in the chart below, 58 employees gave up their Office 365/MyMC credentials in March, 55 employees in June, 144 employees in October, and 16 employees in November. The compromise of one account compromises all accounts – O365 email, MyMC, VPN, and ultimately Workday.
2017 Phishing Campaign Results:
What can you do to help?
Be vigilant in 2018! Remember these security guidelines to help protect your data and the College’s information:
- Don’t be fooled! OIT and the College will never ask for your password.
- Enroll in Two-Factor Authentication (2FA).
- To further protect your Office 365 account, consider signing up for Two-Factor Authentication (2FA), a process requiring a one-time code in addition to a password for account access. 2FA adds a second level of verification of your identity. This added layer allows you to use your mobile phone, tablet, or landline phone to easily confirm your login requests. 2FA prevents an attacker from signing into your account in the event your password is exposed. To learn more and to enroll, visit: http://mcblogs.montgomerycollege.edu/itprojects/2fa
- Don’t click on the links in an email. If you have a business relationship with the sender or an account (MyMC, Amazon.com, your bank, etc.), log in to the account by using the known web address for the account, i.e. montgomerycollege.edu – Access MyMC.
- Important clues to a phishing email are that the sender/email address is unknown, the process requested in the email is unfamiliar, and the attachment or fax is not expected.
- Attackers prey on your emotions – the content in a phishing email is desperate. They use words like “urgent”, “account disable”, or “immediate”. Remember to Stop. Think. Report.
OIT encourages all employees who need assistance in spotting a phishing email to take the Cybersecurity e-courses within MC Learns. The e-courses are short videos that provide employees with the skills needed to detect malicious emails.
For more information about phishing email attacks and other security-related questions, email ITSecurity@montgomerycollege.edu.