Phishing Awareness and Education Campaign

 

 

Phishing Awareness and Education Campaign

Over the last few months, IT Services continue to receive daily reports of email phishing attacks and, unfortunately, a number of Trinity staff and students have provided their username and password details in response to these fraudulent messages.  Those that fall victim to phishing put both Trinity College and themselves at risk.

With this in mind we are now actively running a Phishing Awareness and Education Campaign which will help us learn how Trinity staff respond when they receive a phishing message, so in turn we can help everyone to be prepared and respond better. 

What is phishing? 

In a typical phishing incident, you may receive an email asking you to reset your username and password or stating a fraudulent ‘charge to your account needs your urgent review’ and claiming to be from IT Services or an ‘IT Administrator’ or another familiar organisation such as Bank of Ireland or Apple.  

These messages often look legitimate and may have a ‘plausible’ sender address, some even appearing to come from @tcd.ie email address or may even appear to point to a legitimate website; however, ultimately the recipient will be redirected to a fraudulent website. 

So, what’s happened? 

We are working with external partners, Khipu, who provide a Phishing service for organisations.  The service is a way of bringing awareness to phishing and its consequences as it provides real-time education.  

Last week we sent a phishing message to Trinity staff, with the Subject line  Please verify your TCD user account.  Staff members who clicked on the link in this phishing message and provided their username and password received a follow up email that directed them to a Phishing awareness webpage with further education information including a quiz and a video.

Actual phishing messages can be very sophisticated. Over the coming months, we will send a variety of different kinds of phishing messages and we will be able to share the results with you as the awareness grows across the University community.

To learn more about how to better equip yourself when confronted with a phishing message, please visit the Phishing and Fraudulent Messages section of our website. You can always check the validity of official communications coming from IT Services which are on a secure section of our website, where you will be prompted for your username & password.