With all of the recent phishing exploits that UAA has been receiving, the sophistication of our user community in identifying and rejecting requests for personal information and usernames/passwords has been tested. We have unfortunately seen a number of exploited UAA mail accounts picked up by spammers and used to send mass email until our anti-spam systems have intercepted them. As a result, UAA's mail reputation has been damaged several times for days, which produces mail delays or temporary rejections.
While our engineers have worked to improve our outbound mail flow monitoring, it's evident that our employees must become more vigilant in dealing with phishing exploits. We have been mounting a public information campaign recently and wanted to test our community's readiness.
Last week, we staged the first of what will become periodic phishing readiness tests. An email was sent to 3,000 UAA employees by the University Support Center (a fake organization) requesting recipients to provide UAA usernames and passwords to assist in "storage cleanup".
13 recipients forwarded the message directly to me asking about its authenticity. 31 recipients replied back to the sender with a variety of suggestions as to what could be done with the request. One faculty member was so incensed that he actually replied twice letting the sender have it...
Of particular concern, however, were the 15 UAA employees who coughed up their usernames and passwords. Twelve of these employees were faculty, one was a staff member, one a coach and one was an associate dean. We are assuming (and hoping) that the 2,941 remaining recipients saw the exploit for what it was and simply deleted it.
It's clear we still have some targeted user training to do.
Saturday, September 17, 2011