With the onset of COVID-19 fears, UC campuses have seen a spike in coronavirus-related phishing attempts, including the targeting of COVID-19 research and high-performance computing.
“Bad actors look to capitalize on moments of fear and uncertainty,” said new ITS Chief Information Security Officer Dewight Kramer. “The Information Security Office is examining ways to better support our researchers and the campus at large, but a critical element of safeguarding campus is our collective vigilance. We all play an important role in information security, so we ask that you remain alert of phishing and other cyberattacks.”
This increase in attempts to steal personal data further emphasizes the importance of ITS’ current phishing email simulation campaign. Since February, ITS has deployed three phishing simulations to help measure how well UCR responds to phishing attempts and to educate our campus community on cybersecurity.
The use of this type of phishing campaign to assess a campus’ risk of cyberattack is not only common, it’s considered best practice among Information Security professionals. Phishing simulation campaigns are a common tool in organizations to educate users and mitigate actual phishing attacks by assessing the organization’s level of preparedness and response. In fact, this phishing campaign is considered so valuable that it is funded and mandated by UCOP. As noted above, the UC campuses are at high risk of cyberattack.
If a person clicks on a link within one of ITS’ phishing simulation emails, they will be directed to a “teaching moment” (view an example) whereby they will be shown what to look for in order to have successfully identified the email as phishing. Clicking on a link within a legitimate phishing email sent by a scammer puts your information at risk, which is why we want users to stay diligent. Learn what to do if you suspect email phishing.
The phishing simulation campaign will conclude in June, after which ITS will publish a high-level campus “report card” with the findings.