Simulated exercises: spot, dodge phishing

January 9, 2024
1 min read

TLDR: Simulated exercises conducted by the University of Utah’s Information Security Office (ISO) are helping users identify and avoid phishing attacks. The exercises aim to educate users about the common red flags indicative of phishing emails and increase awareness of the techniques used by cybercriminals to elicit personal information, install malware, and gain unauthorized access to systems. The ISO emphasizes that the simulated phishes do not capture or leak usernames and passwords and that a threat actor does not gain any information. Instead, the exercises provide a safe environment for users to learn what to look for and practice how to report malicious messages. Users who open links in a simulated phish are enrolled in security awareness training, which covers key tactics used in each exercise. The ISO reminds users to be cautious and to report any suspicious emails using the Phish Alert button. By reporting phishing attempts, users can help the SOC remove the malicious messages from other inboxes and prevent potential cybersecurity crises.

Latest from Blog

EU push for unified incident report rules

TLDR: The Federation of European Risk Management Associations (FERMA) is urging the EU to harmonize cyber incident reporting requirements ahead of new legislation. Upcoming legislation such as the NIS2 Directive, DORA, and