{"id":1538,"date":"2024-02-21T13:24:51","date_gmt":"2024-02-21T19:24:51","guid":{"rendered":"https:\/\/web.saumag.edu\/its\/?page_id=1538"},"modified":"2024-09-10T11:55:03","modified_gmt":"2024-09-10T16:55:03","slug":"phishing","status":"publish","type":"page","link":"https:\/\/web.saumag.edu\/its\/information\/policies\/phishing\/","title":{"rendered":"Phishing Training Policy"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-page\" data-elementor-id=\"1538\" class=\"elementor elementor-1538\" data-elementor-post-type=\"page\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-3e299b1 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"3e299b1\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-4e9313a1\" data-id=\"4e9313a1\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-0934c35 elementor-widget elementor-widget-heading\" data-id=\"0934c35\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Cybersecurity Awareness: Phishing<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<section class=\"elementor-section elementor-inner-section elementor-element elementor-element-ec59653 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"ec59653\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-50 elementor-inner-column elementor-element elementor-element-1adb33c\" data-id=\"1adb33c\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-765e4b1 elementor-widget elementor-widget-video\" data-id=\"765e4b1\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;youtube_url&quot;:&quot;https:\\\/\\\/www.youtube.com\\\/watch?v=sEMrBKmUTPE&amp;ab_channel=SANSOffensiveOperations&quot;,&quot;video_type&quot;:&quot;youtube&quot;,&quot;controls&quot;:&quot;yes&quot;}\" data-widget_type=\"video.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-wrapper elementor-open-inline\">\n\t\t\t<div class=\"elementor-video\"><\/div>\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-50 elementor-inner-column elementor-element elementor-element-e29dbc6\" data-id=\"e29dbc6\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-6716936 elementor-widget elementor-widget-text-editor\" data-id=\"6716936\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h3>What is phishing?<\/h3><p>A spoof on the sport of fishing, phishing is a cyber attacker\u2019s method of casting \u201cbait\u201d to \u201ccatch\u201d valuable information. The valuable information can then be used to reel in the prize. Phishers can make emails look very authentic, duplicating images and landing pages.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<div class=\"elementor-element elementor-element-f71c68a elementor-widget-divider--view-line elementor-widget elementor-widget-divider\" data-id=\"f71c68a\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"divider.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-divider\">\n\t\t\t<span class=\"elementor-divider-separator\">\n\t\t\t\t\t\t<\/span>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<section class=\"elementor-section elementor-inner-section elementor-element elementor-element-ced9e06 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"ced9e06\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-50 elementor-inner-column elementor-element elementor-element-089a7d3\" data-id=\"089a7d3\" data-element_type=\"column\" data-e-type=\"column\" data-settings=\"{&quot;background_background&quot;:&quot;gradient&quot;}\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-03d4732 elementor-widget elementor-widget-text-editor\" data-id=\"03d4732\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h3>How can you spot an email phisher?<\/h3><p>Be suspicious:<\/p><ul><li>\u00a0 about <i>every<\/i> email from an unknown sender<\/li><li>\u00a0 about <i>any<\/i> email that comes from a known sender with an odd request<\/li><li>\u00a0 about <i>any<\/i> email that contains a sense of urgency<\/li><li>\u00a0 about <i>any<\/i> email that requests users to enter credentials (user name and password)<\/li><\/ul><h3>What do I do if I receive a suspicious email?<\/h3><ul><li><b>FORWARD ALL SUSPICIOUS EMAILS TO\u00a0<\/b><b><a href=\"mailto:HELPDESK@SAUMAG.EDU\">HELPDESK@SAUMAG.EDU<\/a><\/b><\/li><li>When an email asks for some type of action, a good practice to avoid phishing attempts is to open a web browser and type in the known web address rather than clicking on a link in an email.<\/li><li>Do not open attachments or click links on suspicious emails.<\/li><li>ITS can evaluate an email, the sending IP address, and help determine the authenticity.<\/li><\/ul><h3>Use Unique Passwords<\/h3><p>It is best to <b>not use <\/b>the same password or a combination of the same password for all apps. If one phishing attempt is successful, the attacker has \u201ckeys to your kingdom.\u201d<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-50 elementor-inner-column elementor-element elementor-element-cd8d35a\" data-id=\"cd8d35a\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-2df4fc6c elementor-widget elementor-widget-text-editor\" data-id=\"2df4fc6c\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h3>How can you identify a phishing phone call?<\/h3><p>Be suspicious:<\/p><ul><li>\u00a0 about any phone call you receive asking for coworker information<\/li><li>\u00a0 about any phone call for which the caller sounds like a coworker but asks for unusual activity<\/li><li>\u00a0 about any phone call alerting you to fraudulent activity on an account but the caller cannot \u00a0 provide YOU with detailed <i>account<\/i> information<\/li><li>\u00a0 about any phone call threating legal action if you do not comply with demands<\/li><li>\u00a0 about any phone call that is identified as <i>spam<\/i>.<\/li><\/ul><h3>Did you know:<\/h3><ul><li>Networks have been compromised because a phisher was savvy enough to deceive a company employee who simply answered a call, trusted the caller, and supplied critical information.<\/li><li>The power of AI will cause a rise in fraudulent phone calls imitating voices of real coworkers.<\/li><li>Phishers are capable of spoofing real phone numbers, making phishing phone calls seem valid.<\/li><li>Phishers can sound so convincing during a phone call that by preying on fear, they can convince users an account has been compromised, (such as an Amazon account or a credit card account), causing users to provide the necessary personal information to the phisher that a genuine hack can be accomplished.<\/li><\/ul><p><i>If you receive a suspicious phone call, hang up. If necessary, call the company, coworker, etc., and inquire about the subject matter for which the suspicious phone call was referencing.<\/i><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-8434971 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"8434971\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-228b986\" data-id=\"228b986\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-9d2e3ee elementor-widget-divider--view-line elementor-widget elementor-widget-divider\" data-id=\"9d2e3ee\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"divider.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-divider\">\n\t\t\t<span class=\"elementor-divider-separator\">\n\t\t\t\t\t\t<\/span>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-bf5055e elementor-widget elementor-widget-heading\" data-id=\"bf5055e\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Cybersecurity Awareness Training Policy: Phishing<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<section class=\"elementor-section elementor-inner-section elementor-element elementor-element-4da0686 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"4da0686\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-50 elementor-inner-column elementor-element elementor-element-990d9ee\" data-id=\"990d9ee\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-a571fd2 elementor-widget elementor-widget-text-editor\" data-id=\"a571fd2\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Annually, cybersecurity training resources are provided to SAU employees in the Faculty\/Staff Virtual Center. Completion of training videos and educational material is an essential tool each member of the SAU community can use to avoid unnecessary risk to the network.<\/p><p>The SAU ITS cybersecurity specialist leads our phishing training efforts by participating in the industry standard practice of routinely conducting phishing email campaigns as a method of evaluating network risk.<\/p><p><strong><em>What happens if a user enters credentials when requested in a simulated phishing campaign?<\/em><\/strong><\/p><ul><li>Users who enter data, such as an SAU username or password, into a form when prompted in a phishing campaign receive educational feedback and are required to complete a 30-minute training session within two weeks of the assigned training session.<\/li><li>If a user enters data a second time (which could occur during a single campaign), two additional training modules will be assigned and must be completed within a 24-hour window once notified or the user account will be disabled at the end of the workday during which the 24-hour window expires. <em>The user may contact the cybersecurity specialist to request additional time. Contact information is provided in the assignment email. If the cybersecurity specialist is not contacted to request additional time, the user is blocked from the network until completion, and the employee\u2019s vice president is notified as requested.<\/em><\/li><li>If a user enters data a third time, the vice president and supervisor meet with the employee to discuss the importance of cybersecurity awareness.<\/li><li>Should an employee enter data four or more times during a phishing training campaign, the employee\u2019s vice president determines personnel actions, if any. ITS does not have any jurisdiction regarding personnel matters.<\/li><\/ul><p>The purpose of phishing campaigns is to enhance SAU\u2019s cybersecurity posture and reduce risk.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-50 elementor-inner-column elementor-element elementor-element-378bfb7\" data-id=\"378bfb7\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-ab1455a elementor-widget elementor-widget-image\" data-id=\"ab1455a\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t<figure class=\"wp-caption\">\n\t\t\t\t\t\t\t\t\t\t\t<a href=\"https:\/\/web.saumag.edu\/its\/files\/2024\/02\/Picture2.png\">\n\t\t\t\t\t\t\t<img fetchpriority=\"high\" decoding=\"async\" width=\"768\" height=\"335\" src=\"https:\/\/web.saumag.edu\/its\/files\/2024\/02\/Picture2-768x335.png\" class=\"attachment-medium_large size-medium_large wp-image-1539\" alt=\"\" srcset=\"https:\/\/web.saumag.edu\/its\/files\/2024\/02\/Picture2-768x335.png 768w, https:\/\/web.saumag.edu\/its\/files\/2024\/02\/Picture2-300x131.png 300w, https:\/\/web.saumag.edu\/its\/files\/2024\/02\/Picture2-1024x446.png 1024w, https:\/\/web.saumag.edu\/its\/files\/2024\/02\/Picture2.png 1375w\" sizes=\"(max-width: 768px) 100vw, 768px\" \/>\t\t\t\t\t\t\t\t<\/a>\n\t\t\t\t\t\t\t\t\t\t\t<figcaption class=\"widget-image-caption wp-caption-text\">Educational feedback that may be displayed to users who click on a simulated phishing test<\/figcaption>\n\t\t\t\t\t\t\t\t\t\t<\/figure>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>Cybersecurity Awareness: Phishing https:\/\/www.youtube.com\/watch?v=sEMrBKmUTPE&#038;ab_channel=SANSOffensiveOperations What is phishing? A spoof on the sport of fishing, phishing is a cyber attacker\u2019s method of casting \u201cbait\u201d to \u201ccatch\u201d valuable information. The valuable information can then be used to reel in the prize. Phishers can make emails look very authentic, duplicating images and landing pages. How can you spot&#8230; <a class=\"more-link\" href=\"https:\/\/web.saumag.edu\/its\/information\/policies\/phishing\/\"> Read More<\/a><\/p>\n","protected":false},"author":564,"featured_media":0,"parent":63,"menu_order":46,"comment_status":"closed","ping_status":"closed","template":"elementor_header_footer","meta":{"_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","footnotes":"","_links_to":"","_links_to_target":""},"class_list":{"0":"post-1538","1":"page","2":"type-page","3":"status-publish","5":"entry"},"_links":{"self":[{"href":"https:\/\/web.saumag.edu\/its\/wp-json\/wp\/v2\/pages\/1538","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/web.saumag.edu\/its\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/web.saumag.edu\/its\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/web.saumag.edu\/its\/wp-json\/wp\/v2\/users\/564"}],"replies":[{"embeddable":true,"href":"https:\/\/web.saumag.edu\/its\/wp-json\/wp\/v2\/comments?post=1538"}],"version-history":[{"count":3,"href":"https:\/\/web.saumag.edu\/its\/wp-json\/wp\/v2\/pages\/1538\/revisions"}],"predecessor-version":[{"id":1618,"href":"https:\/\/web.saumag.edu\/its\/wp-json\/wp\/v2\/pages\/1538\/revisions\/1618"}],"up":[{"embeddable":true,"href":"https:\/\/web.saumag.edu\/its\/wp-json\/wp\/v2\/pages\/63"}],"wp:attachment":[{"href":"https:\/\/web.saumag.edu\/its\/wp-json\/wp\/v2\/media?parent=1538"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}