Don't Take the Bait

fish surrounding email

ITS SECURITY AWARENESS (PhishMe) 

On October 30, 2017, ITS introduced SF State’s Information Security Awareness program for faculty and staff. The program consists of monthly security advisory training messages and phishing training exercises where simulated phishing messages are sent to employees. The launch of this campaign enabled Exchange users to see a Report Phishing icon in Outlook 2013 and 2016, or a Report Phishing link in Outlook Web Access (OWA).

Outlook Ribbon with Report Phishing icon

Outlook Web Access Report Phishing link

GOAL
The goal for the next training exercise is to increase the report rate (reporting an email as a phishing attempt), and decrease the click rate (clicking on a message link within an email).

RECOMMENDATION TO USERS

Some individuals clicked just to see what would happen. We recommend users report before clicking to receive confirmation that the email is a part of the training exercise.

DON’T SEE THE PHISH ME ICON IN OUTLOOK?

Some individuals were unable to see the PhishMe Reporter icon due to older Outlook clients and configuration settings. Things to check in Outlook:

  • Ensure you are running Outlook 2013 or Outlook 2016 and have run Outlook updates (Help menu -> Check for Updates).
  • Make sure the Ribbon is enabled in the View menu.
  • Make sure the Reading pane is enabled in the View menu.

The ITS Service Desk is available to resolve these issues. Please contact service@sfsu.edu for assistance. To learn more about Phishing, refer to our Security Advisory – Phishing page at http://its.sfsu.edu/guides/securityadvisory_phishing.

Thursday, November 16, 2017