Phishing Campaigns

Information on UW-System Phishing Campaigns

In 2021, UW-System Office of Information Security implemented a Phishing Campaign on all campuses for all employees, including student employees. This phishing simulation emails are used to test and reinforce good behavior and are intended to help employees recognize, avoid and report potential threats that can compromise critical data and systems. Each month, UW-System is using a tool called InfoSec to send an email that appears to be a phish. When an employee clicks on a link within the phishing campaign email, they will be notified that they failed the test and they are directed to an informational site.

Supplemental Training Course

Per UW System Administrative Policy 1032, Information Security: Awareness, after an employee clicks on three phishing campaign emails within a calendar year, they will be enrolled in a short phishing training course. Employees that are enrolled in the supplemental training can expect to see an email from: securityawareness@lists.wisconsin.edu. The email will provide a link to complete the supplemental awareness training. See sample email:

Phishing training email

The supplemental security awareness training will consist of a short video that should take users less than 10 minutes to view and complete. The training must be completed within 30 days of assignment and once enrolled, employees will receive email reminders periodically until the training is completed.  If this training is not completed in 30 days, a report will be sent to Human Resources.  Failure to complete the required training within the specified period may result in disciplinary action. 

For more information about phishing you can contact the Technology Help Desk at 715232-500 or techdesk@uwstout.edu. For questions regarding compliance, please contact the Human Resources department at AskHR@uwstout.edu  

March Phishing Campaign

March 2022 Phishing Email Example

March Mail example
  1. The March campaign was aligned with the tax season which is what many phishing experts will do. They will use current events to make the emails appear relevant.

  2. The display email used was from an unfamiliar email account and not associated with a UW email address or with your personal tax company.

  3. There was a "Call to Action" message. "Your ability to e-file will be disabled" statement demanded your response.

Phishing Rates for March 

 

Phishing Rates

Institution

Unique learners

Phished Rate

UWSA, UWSS & UWEX

561

1.6%

UW-Parkside

771

2.0%

UW-Milwaukee

7104

3.4%

UW-Eau Claire

2989

2.5%

UW-Green Bay

1588

2.5%

UW-La Crosse

2342

2.2%

UW-Oshkosh

2726

2.5%

UW-Platteville

2150

3.0%

UW-River Falls

1525

3.1%

UW-Stevens Point

2572

4.4%

UW-Stout

2216

3.1%

UW-Superior

818

3.1%

UW-Whitewater

2658

2.6%

UW-Madison

35331

2.6%

Systemwide

65351

2.8%

 

See Also:




Keywords:phishing clicks email   Doc ID:117750
Owner:Heidi C.Group:UW Stout
Created:2022-04-04 13:56 CDTUpdated:2022-04-15 14:42 CDT
Sites:UW Stout
Feedback:  0   0