Phishing Simulation

About

In an effort to enhance the Western University community's awareness and diligence, Western Technology Services' SOC team will be hosting a phishing simulation in which fake phishing emails will be sent to all users on and off campus, including faculty and staff.

Phishing — a major social engineering tactic that is used on targets to obtain credentials — is one of the most common cyberattacks against education, health and finance institutions. 

Types of Phishing Attacks

Spear Phishing: Targets a specific group or type of individual (e.g., System Administrators). This type of phishing requires the cybercriminal to analyze their target(s).
Whaling: Similar to spear phishing, but the cybercriminal targets senior leadership within a company (e.g., CEO, CFO, CTO).
Smishing: An attack using text messaging (SMS), which can contain a link or a return phone number (e.g., a message claiming an account is compromised and asking the user to verify personal information).
Vishing: An attack using a voice call. Although less common than the others, it is still a possible method of phishing (e.g., a cybercriminal impersonating a bank employee about account issues and trying to obtain information).
Angler Phishing: The cybercriminal uses notifications or direct messaging via social media apps to trick users into compromising their account or information.

Why?

Purpose of phishing awareness simulation:

  1. Awareness & Training: Because academic research institutions are one of the main targets for social engineering and other attacks by cybercriminals, Western wants to protect its users and community. Performing this simulation will allow users to demonstrate their knowledge of detecting spam & phishing. Additionally, training and other resources will be provided on how to recognize, avoid, and report phishing attacks in order to protect students, staff and faculty on and off campus.
  2. Cybersecurity efforts: Performing this simulation will help us collect metrics and information about the changing landscape of email-based attacks in order to better protect the Western community and adjust our cybersecurity education efforts.

Scope

The current scope of the phishing awareness simulation will consist of all active Western students, staff and faculty members.

Get Started

During selected months, WTS will send emails that resemble phishing attacks to a select group of users. By the end of the simulation, every user will have encountered a simulated phishing attempt. If the user opens the link in the email, it will be recorded. Credentials entered after clicking on the link will also be recorded. Users who fall for the phishing attempt will be redirected to a supplementary page where additional information and training are available.

Training

Although training is not mandatory, it is highly recommended for all users, as it builds the awareness and proficiency users need to identify phishing attempts. Not only does it benefit users, it also benefits Western by providing metrics on what can be further changed and adopted in order to make internet access at Western safer and more secure.

Secure Awareness Training

FAQ

Resources

Spam & phishing overview

Spam

Phishing

Email Scams

Spam & Phishing pamphlet

