Phishing is a complex problem. While the tactics and methods are constantly changing, phishing is a cybercrime that uses digital tools like email, the web, and text messaging to steal confidential information. Phishing emails attempt to deceive recipients into divulging important personal information from users.
In 2021, Carleton students and community members told us, through social media and the ITS Service Desk, that they were seeing a sharp increase in phishing emails to their Carleton inboxes.
ITS responded by committing to a three-pronged approach to combat phishing.
Report Phishing Button
Part of the problem with phishing is knowing how many attempts are coming in, and how they seek to rope in victims. The “Report Phishing” button allows users to easily report phishing emails, providing our Information Security professionals the information they need to prevent future attempts. Users no longer need to manually forward email messages or attachments to the Service Desk to report a phishing message. They can simply click the Report Phishing button on a phishing email, and we’ll do the rest.
And, as we report, the tech behind the Report Phishing button is very cool.
Education is a key element in the fight against phishing, because everyone plays a role in identifying and reporting phishing attempts. In 2021, we launched a Simulated Phishing Initiative in which the community began receiving safe and simulated phishing emails, automatically generated by our systems, to help faculty, staff and students better recognize what a phishing email might look like. There is still much to do in the fight against phishing, but these simulations are a strong start.
Security Awareness Courses
In 2021, we launched our Security Awareness Course through Brightspace, and in partnership with Terranova Security, to teach the community how to stay cyber secure. Students, faculty and staff were invited to enrol in a series of modules that are short, digestible and, most importantly, informative. Topics include phishing, ransomware, Wi-Fi security, social engineering, risky USB devices and much more.
The fight against phishing, and the push for greater security for the entire university, does not end here. In 2022, the Carleton community can expect the rollout of advanced threat protections that will enhance email security for faculty, staff and students by checking the safety of links and attachments. This will be followed by Windows Defender enhancements, digital identity protections, and an encrypted email rollout later in the year. These enhancements will come with the added feature sets, including expanded expanded inbox capacities, a larger OneDrive and licenses to Power BI Pro. With greater security comes greater functionality for all.