Campaigns

Simulated Phishing emails

The University periodically sends simulated phishing emails to employees to see how they react upon receipt of a scam or phishing email i.e. if malicious domains are flagged, if users spot social engineering, and know not to enable macros or unexpected files. These phishing vulnerability assessments help us to evaluate our security posture and identify key areas to help protect the university from future (genuine) attacks.  

May 2022 Phishing Campaign

Between Tuesday May 24th and Tuesday May 31st 2022, the Cyber Security team in DTS ran a phishing campaign. 7829 emails were sent out to all staff (with an active Microsoft 365 account) on Tuesday 24th, and the phishing website was kept open until the following Tuesday.

Learning actions

Phishing campaigns are not designed to catch you out, we want everyone to learn how to spot one! The takeaway messages from this campaign are:

• Be aware of the red flags of this particular phishing email so you know what to look out for in future attacks
• Report the phish as soon as possible, even if you are unsure, to DTS so that in the event of real phish attack we can stop spread by automatically removing similar emails from other users inbox and we can check your account for compromise.
• This was a targeted attack on OneDrive, so make sure you have enabling Multi Factor Authentication (MFA) for Microsoft 365 if you have not already done so, to give an extra an layer of defence.

Results

For security purposes, the results are on a separate page only accessible using your UoR sign on: DTS Cyber Security: May 2022 Phishing campaign results and analysis. Do not share this information outside of the University.

Training

Digital Skills training (UoR Learn, search for digital skills - security)

Avoid Phishing scams (LinkedIn Learning, video, 8mins)

Cyber Security Awareness - Phishing (LinkedIn Learning, video, 1h)