With cybersecurity threats on the rise and Penn State remaining a highly-targeted institute within the Big 10 conference, educating faculty and staff on how to recognize and protect themselves from cybercriminals remains a top priority for the Office of Information Security. The financial impact on individuals of surrendering user names and passwords to cybercriminals can amount to tens of thousands of dollars, often before the user realizes they've been compromised.
As part of its ongoing education and awareness efforts, the Office of Information Security will be launching its first self-phishing campaign in the next few weeks. The program's intent is to teach users to recognize malicious content and to avoid falling prey to phishing schemes.
What is Phishing?
Phishing is an attempt to steal personal information from someone, usually via a fraudulent email message or phone call. The people who do this pose as representatives of trusted, well-known organizations and ask for information that will allow them to impersonate their victims.
Why conduct a self-phishing campaign?
Prevention offers the first line of defense against cyberattacks. Helping you better protect yourself from phishing helps you and Penn State.
How will the campaign work?
In the following weeks, the Office of Information Security will send a "phish" to all full-time faculty and staff members. A "phish" is a suspicious email that attempts to lure you into giving up your personal information, such as your user ID, password, social security number, or other sensitive information. Remember, Penn State will never ask you for that information via email. If you do click on the link and enter your information, you will be redirected to a website that explains what you should have recognized in the email and resources on how to protect yourself in the future. Please note, the "phish" will be sent your psu.edu account. We will not send phishing emails to pennstatehealth.psu.edu, but depending on forwarding settings Penn State Health employees may still receive the phish from their psu.edu account.
Is there any way to recognize a phish?
To learn more on how to avoid phishing attempts, please visit the dedicated website: phishing.psu.edu, or Office of Information Security's website: security.psu.edu.
The intent of the campaign is not to shame or aggravate our community but rather to enhance understanding of how cybercriminals operate and to expand their abilities to recognize a phish. The Office of Information Security will NOT report any individual failures.