Genuine email phishing scam or IT phishing simulation?
From time to time, our IT Security Team runs email phishing campaigns that simulate a real-life phishing scam. Some of these email simulations are glaringly obvious, some are more subtle. There are various benefits to the Trust on running these simulations, the most pertinent we have listed below;
Decreased security risks to the Trust due to social engineering attacks involving human manipulation and deception.
Staff become aware of possible use cases and how attackers craft genuine-looking emails to fulfil their motives.
The workplace becomes safer technically and the learnings derived extend to staffs home life as well.
21% of staff fell victim to our latest email phishing simulation, perhaps this was due to its subtle nature. Those staff will be sent an email (oh the irony) asking them to complete some online training, please see this solution on how to identify these genuine emails. Phishing Training Email - 'You have training(s) to complete'
So, keep your wits about you, question every email and if in doubt, get it checked out, using this form: Suspicious Email