You’ve probably seen the emails urging you to change your account settings. But have you ever wondered if it is a real email or a scam trying to get your information?       

If you’ve felt this way, you’re not alone. In 2011, 165 Georgia Tech accounts were compromised by users providing their information to fraudulent messages.

That’s why the Office of Information Technology (OIT)’s information security team has come up with a creative way to educate the campus community.

“OIT is partnering with our units at Tech to educate faculty and staff about scam emails that seek to capture your personal information,” said Jason Belford, principal information security engineer. “The information we’re sharing can be helpful to people when it comes to both their professional and personal email accounts.”  

When a unit volunteers to participate in the exercise, representatives from the unit and information security work together to create a list of recipients for a fake phishing email.
If a person responds to the email with their username and password, he or she receives an immediate message to let them know that had the email been an actual phishing attempt, “bad guys” would have the employee’s account information, Belford added.

“If you respond to the fake email and receive our response message, don’t worry — you won’t get in trouble,” Belford said. “We’re just trying to reach out to people who are confused about which emails are legitimate and which emails aren’t before it’s too late.”

Following the email exercise, information security also conducts a 15-minute training session with the unit’s faculty and staff that provides tools to help distinguish legitimate messages from phishing scams.  

“The training has been very effective,” Belford said. “After training one particular unit, I even received a call about a phishing message a person had received. He was the first one to let us know and helped prevent others from possibly falling for it.”  

To participate in this program, email ask.infosec@gatech.edu.