skip to Main Content

2018 Phishing Awareness Campaign Results

The Office of Information Technology (OIT) completed our third year of educating College employees on security awareness through the monthly Phishing Campaigns. Below are the 2018 results showing our progress. College employees are becoming more vigilant in detecting and reporting suspicious emails. Specifically, in December 2018, over 1,000 employees reported the “Gift Card” scam email. The phishing scenario emails mirror the real-world threats employees receive every day. A review of the results below show that the secure download (January), social media (March), and package delivery (August) type emails, all crafted using fear and urgency, are the hardest to spot.

To avoid falling victim to email scams, OIT recommends all employees:

  • REPORT the email using the Report Phishing button located on your Outlook toolbar. IT Security will analyze the email and, if found malicious, will block the threat.
  • If you sense something strange or “phishy” about the email, pick up the phone and call the sender. Do not respond back to the sender in an email because the attacker will direct you to complete the request or download the malicious attachment.
  • Do NOT click on the links in an email. If you have a business relationship with the sender or an account (MyMC, Amazon.com, your bank, etc.), log in to the account by using the known web address for the account, i.e. montgomerycollege.edu – Access MyMC
  • Enroll in two-factor authentication (2FA) to protect your Office 365 account. Sign up for 2FA, an added layer of security that will help decrease account compromises and identity theft, provide real-time alerts for password protection, and allow you to use your mobile phone, tablet, or landline to easily confirm your login requests. To learn more about 2FA, please visit https://mcblogs.montgomerycollege.edu/itprojects/2fa.

OIT encourages all employees who need assistance in spotting a phishing email to take the Cybersecurity e-courses within MC Learns. The e-courses are short videos that provide employees with the skills needed to detect malicious emails.

_________________________________________________________________________________________________________________________

2017 Phishing Awareness Campaign Results

The Office of Information Technology (OIT) conducted a Phishing Awareness Campaign in 2017 in an effort to educate the Montgomery College community on how to identify and report suspicious emails to the PhishTrap.

Although Montgomery College is becoming more vigilant in detecting suspicious emails there is always room for improvement. The email scenarios sent in March, June, October, and November were designed to mirror the real-world threat of credential harvesting. As shown in the chart below, 58 employees gave up their Office 365/MyMC credentials in March, 55 employees in June, 144 employees in October, and 16 employees in November.  The compromise of one account, compromises all accounts – O365 email, MyMC, VPN, and ultimately Workday.

2017 Phishing Campaign Results:

What can you do to help?

Be vigilant in 2018! Remember these security guidelines to help protect your data and the College’s information:

  • Don’t be fooled! OIT and the College will never ask for your password.
  • Enroll in Two-Factor Authentication (2FA).
    • To further protect your Office 365 account consider signing up for Two-Factor Authentication (2FA), a process requiring a one-time code in addition to a password for account access. 2FA adds a second level of verification of your identity.  This added layer allows you to use your mobile phone, tablet, or landline phone to easily confirm your login requests.  2FA prevents an attacker from signing into your account in the event your password is exposed.  To learn more and to enroll visit: http://mcblogs.montgomerycollege.edu/itprojects/2fa
  • Don’t click on the links in an email. If you have a business relationship with the sender or an account (MyMC, Amazon.com, your bank, etc.), log in to the account by using the known web address for the account, i.e. montgomerycollege.edu – Access MyMC
  • Important clues to a phishing email are the sender/email address is unknown, the process requested in the email is unfamiliar, the attachment or fax is not expected.
  • Attackers prey on your emotions – the content in a phishing email is desperate. They use words like “urgent”, “account disable”, or “immediate”.  Remember to Stop. Think. Report.

OIT encourages all employees who need assistance in spotting a phishing email to take the Cybersecurity e-courses within MC Learns. The e-courses are short videos that provide employees with the skills needed to detect malicious emails.

For more information about phishing email attacks and other security related questions email ITSecurity@montgomerycollege.edu

Back To Top
Close search
Search