One phish, two phish, red phish, blue fish

Protect yourself and your colleagues with PhishMe tools, IU’s newest defense in the fight against cyber crime

With some sources estimating that 90 percent of all security breaches start with a phishing attack, it’s crucial that everyone at IU—students, faculty, and staff—know how to spot a phish, avoid getting “hooked,” and report it to IU’s cybersecurity professionals.

UITS recently signed with vendor PhishMe to provide a suite of tools including PhishMe Simulator, Reporter, and Training, all designed to help you become smarter about phishing.

PhishMe Simulator is a phishing scenario tool for helping employees recognize and report malicious phishing emails. Using this tool, departments create simulated real-life phishing scenarios that deliver on-the-spot education opportunities. PhishMe scenarios recreate various real-world attack techniques, and if the user clicks the link it takes them to a custom page explaining what to look out for to avoid falling for a future phish. It can also redirect them to a training module on Canvas. Reports and analytics are generated for each scenario with key statistics about user responses.

Interested? PhishMe Simulator costs $6 per user per year. If you’re on the fence, be sure to take advantage of a new 30-day trial before buying licenses for your group.

For no-cost training, PhishMe Reporter is a good option. It’s a one-button email reporting tool for users running Outlook on PCs and Macs. PhishMe Reporter gives immediate feedback to the user, deletes the suspected phish or spam from the inbox, and forwards the email message to the IU IT incident response team with full headers. This tool is currently available in IUware for download under the “security” category and will be available in Outlook on IUanyWare and for bulk deployment via Casper and SCCM in the near future.

Thanks to tools like Reporter, the University Information Policy Office has seen a massive increase in the number of suspicious emails sent their way, from just 811 in 2015 to more than 3,335 (so far) in 2017.

Do you prefer to learn about phishing in a course-like setting? We are currently hosting 19 computer-based training modules in IU Expand, the university’s e-learning service. You’re encouraged to select individual courses and combine them with others to create a private course page and certification path specific to your department.

Topics of the training modules include:

  • Malware
  • Malicious links
  • Mobile device security
  • Ransomware
  • Social engineering
  • Spear phishing

If you’re interested in the PhishMe tools, email the IT Community Partnerships team and we’ll help you get started.