This past October VUIT hosted our 2nd annual Email Phishing Challenge. Each week a simulated phishing email was sent to all vinu.edu email accounts and the first user to report the message to the IT Help Desk won a small prize.
Here are the results of the Phishing Challenge:
Week 1: Please complete the quick poll!
Article - Week 1 Phish
(From: Vincennes University<admin@vinu.edu>)
(“Dear user”)
(Hover over the link. Link does not take you to the site the email content says it will.)
Week 2: Amazon: Please Review Your Delivery Details to Avoid Return
Article - Week 2 Phish
(From: Amazon <noreply@youraccount-alerts.com>)
(“Dear user”)
(Tells you to click a link or open an attachment.)
(Hover over the link. Link does not take you to the site the email content says it will.)
(“Do this now!”)
Week 3: Email Review
Article - Week 3 Phish
(Mailserver <noreply@mail-serverpost.com>)
(Hover over the link. Link does not take you to the site the email content says it will.)
Week 4: Is your voter registration up to date?
Article - Week 4 Phish
(Department of State <vote@compliance-gov.com>)
-
Request to click a link or open an attachment.
-
Suspicious link destination.
-
(Hover over the link. Link does not take you to the site the email content says it will.)
-
Sense of urgency
(Do this now!”).
Week 5: Your organization requires a Zoom upgrade
Article - Week 5 Phish
(From: Zoom <itsupport@update-zoom.us>)
(Do this now!”).
(Hover over the link. Link does not take you to the site the email content says it will.)
Takeaways:
Key phishing indicators included suspicious domains, ambiguous salutations, requests for urgent actions, and misleading links. Despite efforts, click-through rates varied from 2% to 19% highlighting areas for continued vigilance.