UNIVERSITY PARK, Pa. — Cybercrime continues to make national news headlines, with security breaches from top-tier organizations affecting millions of customers worldwide. The financial impact on individuals who surrender user names and passwords to cybercriminals can amount to tens of thousands of dollars, often before the user realizes they’ve been compromised.
In our own community, Penn State remains a highly-targeted institute within the Big 10 Conference. The University blocks more than ten thousand malicious emails daily, but inevitably some content still makes it through to inboxes. Educating faculty and staff on how to recognize and protect themselves from malicious attempts to steal personal information (“phishing”) remains a top priority for the Office of Information Security (OIS).
OIS’s self-phishing campaign, the first of its kind for Penn State, hopes to accomplish some of these educational goals. Prevention offers the first line of defense against cyberattacks. Teaching faculty and staff to recognize certain hallmarks of phishing attempts will help to reduce the threat of compromise, making the University’s valuable information (including employees' personal information) more secure.
In the coming weeks, OIS will send a “phish” to all faculty and staff members. A “phish” is a suspicious email that attempts to lure the recipient into giving up personal information, such as your access ID, password, social security number, or other sensitive information. Faculty and staff are reminded that Penn State will never ask for that information via email. If you do click on the link and enter your information, you will be redirected to a website that explains what you should have recognized in the email. The website will also provide resources on how to protect yourself from phishing attempts in the future.
The intent of the self-phishing campaign is not to shame or aggravate our community but rather to enhance understanding of how cybercriminals operate and to expand their abilities to recognize a phish. OIS will NOT report any individual failures.
Taking a proactive approach and learning how to recognize a phishing attempt may save faculty and staff from the worry, frustration and financial impact of having personal information compromised. Learn more about phishing and how to protect yourself at OIS’s dedicated website: phishing.psu.edu. Visit security.psu.edu to learn about the latest security threats and how to protect yourself online.