Information Security: UW System Phishing Email Simulations

The University of Wisconsin System Administration has a system-wide phishing awareness education program in which simulated phishing email messages are sent to all faculty and staff in the UW System. This article contains a history of some phishing email simulations that have been sent: a screen shot of the email as it was sent out followed by a screen shot explaining how you can tell the email was a phishing attempt. Also included is our phish rate which is the percent of people that clicked on a link in the email and our rate compared to other UW institutions.

Comparison to Other UW Instutions: Key

Ranking Note
Top 25% Best category to be in. Yay!
Top 50% We can do better. Let's go!
Bottom 50% Argh. We can do this!
May 2024
  • Phish rate: 0.55%
  • Phish rate compared to other UW institutions: Top 50%

The Email

Uploaded Image (Thumbnail)

 

  • QR codes in emails can be a red flag. It is wise to avoid scanning them altogether if you did not ask for it to be sent to you. Legitimate messages will typically give you alternatives to scanning a QR code.
  • The email is not a UWRF or Microsoft address.
  • There are misspellings/grammatical errors including “Were,” “Please ensure follow the instructions carefully,” “Micrsoft,” and “gude.” Do keep in mind that, just like using real branding, a lack of misspellings does not mean the message is safe. Scammers are using AI to craft convincing emails in multiple languages.
Uploaded Image (Thumbnail)
July 2023
May 2023
March 2023
January 2023
November 2022
October 2022
September 2022
August 2022
July 2022
Print Article

Details

Article ID: 145823
Created
Mon 8/15/22 4:32 PM
Modified
Tue 6/18/24 8:21 AM