By Maria Gosselin
“I still don’t know what I clicked on or did. But for months now, people keep complaining about emails they get from me that I didn’t send. With links to strange websites.”
Previous Reporter articles have discussed the dangers of phishing, how to identify phishing emails, and what you can do to protect yourself. But until we’ve personally experienced the effect phishing can have, we tend to underestimate the damage it can cause. Either because we’re too busy, uninterested, or trust in technology to keep us safe, we ignore an ever-escalating threat to us, and by extension, everyone we’re linked to.
For years, McGill’s IT Services has conducted campaigns to increase awareness of the dangers of phishing, but when they conducted their first phishing simulation earlier this year, one out of six recipients clicked on the fake link in a mock phishing email. The McGill community is targeted by hundreds of phishing emails on a yearly basis, many of which can be hard to recognize and identify. As a community, we need to take action to ensure we are aware of the risks, and know how to spot them.
To meet that goal, IT Services has both a request, and an announcement.
If you’ve ever been the victim of a phishing scam, please share your story. In our next Reporter article on phishing, we’ll share a selection of the stories we receive – anonymously, of course. Facts and statistics can bore many of us; personal stories resonate.
In the next few weeks, IT Services will launch a second phishing simulation.
“We understand that it can be frustrating and annoying,” said Ghilaine Roquet, Chief Information Officer in IT Services, “but please know, we’re not doing this out of any malicious intent; everyone on the team has seen firsthand the effect of falling for a phishing scam, and our goal is to do our best to prevent others from having to go through the same.”
“We’d rather you fall for one of our emails and learn from it, than learn the hard way, as some of us have.”
Case studies show that engaging in a simulated phishing attack is far more successful in preventing users from falling for real phishing scams then just encouraging them to read about the dangers, or take a training course.
“At the end of the day, whatever method works for you, as long as you can defend yourself against online threats, you help make McGill a safer place for everyone,” Ms. Roquet said.
For more information on how you can protect yourself and spot phishing scams, see:
- Report suspicious emails to the IT Service Desk
- Take the IT Security Awareness Online Course
- Phishing scams and how to protect yourself
- Stay Safe Online
- Stay safe when using your mobile device