OIT Uses Fake Phishing Emails to Educate Campus

Contact

OIT Information Security

Sidebar Content
No sidebar content submitted.
Summaries

Summary Sentence:

You’ve probably seen the emails urging you to change your account settings. But have you ever wondered if it is a real email or a scam trying to get your information?

Full Summary:

You’ve probably seen the emails urging you to change your account settings. But have you ever wondered if it is a real email or a scam trying to get your information?

You’ve probably seen the emails urging you to change your account settings. But have you ever wondered if it is a real email or a scam trying to get your information?       

If you’ve felt this way, you’re not alone. In 2011, 165 Georgia Tech accounts were compromised by users providing their information to fraudulent messages.

That’s why the Office of Information Technology (OIT)’s information security team has come up with a creative way to educate the campus community.

“OIT is partnering with our units at Tech to educate faculty and staff about scam emails that seek to capture your personal information,” said Jason Belford, principal information security engineer. “The information we’re sharing can be helpful to people when it comes to both their professional and personal email accounts.”  

When a unit volunteers to participate in the exercise, representatives from the unit and information security work together to create a list of recipients for a fake phishing email.
If a person responds to the email with their username and password, he or she receives an immediate message to let them know that had the email been an actual phishing attempt, “bad guys” would have the employee’s account information, Belford added.

“If you respond to the fake email and receive our response message, don’t worry — you won’t get in trouble,” Belford said. “We’re just trying to reach out to people who are confused about which emails are legitimate and which emails aren’t before it’s too late.”

Following the email exercise, information security also conducts a 15-minute training session with the unit’s faculty and staff that provides tools to help distinguish legitimate messages from phishing scams.  

“The training has been very effective,” Belford said. “After training one particular unit, I even received a call about a phishing message a person had received. He was the first one to let us know and helped prevent others from possibly falling for it.”  

To participate in this program, email ask.infosec@gatech.edu.

Related Links

Additional Information

Groups

Whistle

Categories
Institute and Campus
Related Core Research Areas
No core research areas were selected.
Newsroom Topics
No newsroom topics were selected.
Keywords
email, email scams, information security, Office of Information Technology, oit, phishing, phishing scams
Status
  • Created By: Amelia Pavlik
  • Workflow Status: Published
  • Created On: Jul 3, 2012 - 6:16am
  • Last Updated: Oct 7, 2016 - 11:12pm