The University’s Information Technology Services and the Information Security, Policy and Records Office will continue to use phishing simulation exercises to promote cyber safety and awareness for cyber scams.
Last semester one such exercise was conducted, and most students did not fall victim to the scam simulation, Chief Information Security Officer Jason C. Belford said in an email statement.
“We are optimistic about the results from last semester: some users fell for the phish, although most of did not,” Belford said. “Those who got phished received immediate online training.”
Studies have shown that the number of people falling for phishing simulations will decrease over time with repeated awareness exercises, Belford said. The exercises are meant to protect students from internet hacking which can occur on fake Netbadge sites.
“One of the most common ways accounts are compromised are with emails like this that trick people to enter their password into a site that is not the site they think it is but is a mock-up site set to look like say the Netbadge login page,” Computer Science Prof. David Evans said.
In an email sent to students Feb. 7, Belford said the phishing simulation would be conducted so students could understand the risks of scamming.
“We want to help our users keep their information secure,” Belford said. “For example, if a cybercriminal were able to get a username and password, which they have been successful through using phishing techniques, then they have the same access the user does with the same username and password.”
The phishing simulation was initiated because student emails had been repeatedly targeted by fraudulent attackers, Belford said.
“Most of the recent breaches, phishing emails or email scams, were determined to be the source.” Belford said. “The University's goal is to educate people about how to better recognize fraudulent, malicious emails.”
The University is taking several other steps to ensure students are protected, Belford said. The University Board of Visitors has funded SecureUVA, a security program which empowers the University to implement projects to help reduce cyber risks.
“There are almost three dozen SecureUVA technical and non-technical projects that are being implemented to protect the U.Va. community from cyber attacks,” Belford said.