November 30, 2011
Over 6 billion phishing emails are sent worldwide each month in an attempt to obtain personal information like usernames, passwords, credit card numbers or other sensitive information.
It's important to know that "Emory will never ask users for their passwords," says Brad Judy, senior information security specialist with the Office of Information Technology.
In an effort to track instances where security might be breached, Emory's Office of Information Technology is enhancing its phishing awareness campaign. Over the next several months, Emory will be intermittently sending out phishing-like messages to employees and students for an "in the moment" form of awareness training.
The campaign is in its second phase and evaluates the possibility of Emory email users being victimized by scam artists and cybercriminals. Those who follow the links and provide their passwords will be redirected to a phishing awareness webpage that provides details on how to avoid falling victim to email scams.
IT will share the statistics with business units on campus as to how many employees or students fell for the phish compared to the Emory average. Since this is simply a learning opportunity, names or passwords from the test phish will be not be shared or stored.
"Awareness is up and there has been definite improvement across all departments and groups," says Judy. "So far during this phase, we've seen a 29 percent reduction in user response compared to the promotion we ran a few years back."