Phishing Awareness and Education Campaign Update

Phishing Awareness and Education Campaign Update

As computer users, we all need to be aware of the risk of phishing and ransomware infections.  This type of threat is on the increase and a recent example of this was the Ransomware attack WannaCry which began in May and has affected a great many people across the world.

With this in mind, we have been running the next stage of our Phishing Awareness and Education Campaign focussed on helping us learn how Trinity staff respond when they receive a phishing message with an attachment, so in turn we can help everyone to be prepared and respond better. 

What is Ransomware?

Ransomware is malicious software, or malware, which when installed on your PC can prevent you from using your PC properly. Sometimes the ransomware locks your PC so you cannot access your programs and files but ransomware can also encrypt files on your PC. The software will then demand a ‘ransom’ or payment from you to get access to your programs or files again.

Generally, malware spreads through an email which will ask you to open an attached MS Word or Excel file, PDF document or picture file which is infected; or will provide a link to a website from which it downloads onto your computer.

So, what’s happened now? 

We have continued to work with external partners, Khipu, who provide a Phishing service for organisations.  The service is a way of bringing awareness to phishing and its consequences as it provides real-time education.  

Over the last week, we sent a second phishing message to Trinity staff, from itadmins@tcd-ie.uk with the Subject line Updated Regulations.  This message included a Word document attachment.  Staff who open the document attached to this message, and enabled macros, received a follow up email directing them to a Phishing awareness web page with further education information including a quiz and a video.

Actual phishing messages can be very sophisticated. Over the coming months, we will send a variety of different kinds of phishing messages and we will be able to share the results with you as the awareness grows across the University community

To learn more about how to better equip yourself when confronted with a phishing message, please visit the Phishing and Fraudulent Messages section of our website. You can always check the validity of official communications coming from IT Services which are on a secure section of our website, where you will be prompted for your username & password