Overview
The purpose of phishing attack simulation campaigns is to test the college’s security policies and practices, as well as to train everybody to increase their awareness and decrease their susceptibility to attacks. A phishing simulation campaign sends out fake phishing emails to train users on how to identify and respond to them.
The simulation will be benign and will not cause any harm to our systems or data. It will be conducted periodically in a controlled environment and will be monitored by Technology Services.
Campaign
There is not a single campaign, but a continuous evaluation throughout the year. This allows us to evaluate our security posture, gauge our response, find knowledge gaps, and develop improvement actions for the program. There is a variety of phishing attacks, each with a built-in expectancy for failure based on the specified attack, so don't worry if you did not respond as expected; just report it.
Fake phishing emails will be sent out periodically to Faculty, Staff, and Students. Technology Services will use this as a training tool to test our incident response procedures.
The goal is not only prevention but also knowing what to do when something does not go as expected.
Training
There are 2 types of training that happen with the simulation tool we use. One is real-time remediation and the other is module based.
- Real Time Remediation: If a user interacts with a phishing email, the tool will show a pop-up session afterward that informs you of the indicators that would have helped identify the phishing attack and how to respond.
- Module Based: Short training modules that correlate with the incorrect actions taken will be assigned automatically.
Questions
Contact the Technology Services Team using the following:
- Email: SOC@alfredstate.edu
Resources
Get started using Attack simulation training | Microsoft Learn