Opt-in Phishing Awareness Program

This article describes how to sign-up for the UMS:IT's Phishing Training.

Instructions

Welcome to Our New, Opt-In Phishing Awareness Program !

Powered by Cofense PhishMe

The UMS Logo A hand touching the tail of a fish as a metaphor for a person clicking on a phishing email 

One of the most effective ways attackers gain unauthorized access to an organization is through phishing emails; in fact, 91% of all breaches start with them, according to industry experts. If such an email lands in one of our @maine.edu inboxes, we're just a click away from compromising the University’s security which means that you and your co-workers are an integral part of our information security posture. To help prevent this attack method from being successful we have begun a new, immersive phishing awareness program.

Thank you for signing up! (note: if you are just hearing about this training now, and are a UMS employee, please send an email to infosecurity@maine.edu with the subject line: “Phishing training request” to get signed up -- please keep reading for details)

How will the program work?

In this new program you will periodically receive simulated phishing emails that imitate real attacks. When you detect one of these simulated phishing emails, you’ll report it to us.

The Cofense PhishME platform allows Information Security Office staff the ability to schedule a variety of types of phishing simulations to be sent to your @maine.edu account. These emails are designed to give you a realistic experience in a safe and controlled environment. This method allows you to become familiar and more resilient to tactics used in real phishing attacks.

 1: You will install the Cofense/Phishme Reporter add-on for Gmail. (follow these installation steps)

The right icon bar of Gmail after the Cofense Reporter Add-on has been installed. The Cofense Reporter Icon is circled.

2: You must sign the Google Form to confirm you have complete step #1:
https://forms.gle/s3PssVJ1dAPmY3q69

3: You will use the Reporter button ( The Cofense Phish Reporter Icon  ) when you detect a suspicious email in your inbox. The Reporter will be found in the right-hand bar of Gmail with other add-ons you may have authorized, looking something like the following:

4: The Reporter will give you immediate feedback specific to the type of email you’ve detected. If it’s a simulated phish, you’ll be congratulated. If it’s any other suspicious email, it will be forwarded to the Information Security Office via phish@maine.edu, and you’ll be reminded how you can report this email to Gmail.

Remember: 

There is no penalty to falling for one of the simulations. All we ask you to do is take a few moments to understand the educational material that accompanies most of the phishing simulations. This could be an infographic with useful insights into how to avoid the next phishing email, a video on a specific type of phishing scam, or other feedback to improve your phish detection acumen.

In summary:

Thanks again for opting in to this phishing awareness program. We are excited to offer you the opportunity to learn in a new, interactive way. Any time after signing up, you can expect to receive at least 1 or 2 phishing emails per month. And remember, the Reporter button will be the method you use to identify the test phishing emails, and please use it to report other suspicious emails to us. The Reporter will give you immediate feedback on which type of email you have detected. 

By taking a proactive stance and learning how to spot and report potentially dangerous emails, we can keep our organization safer. 

Thank you for your time. If you have any questions about this training program, please contact: US:IT Information Security Office at infosecurity@maine.edu

Environment

  • Gmail