Back in January, we ran our first phishing campaign to establish a baseline of phish-prone users. As a reminder, a user is considered phish-prone if they clicked on a link or opened an attachment within a simulated phishing email.
The baseline percentage of phish-prone users was 20.8%. We have since run campaigns once a month, and the latest campaign’s results were 14.0%. The number of phish-prone users is slowly going down, and we hope to see that trend continue in the coming months.
To help you better identify phishing emails, we would like to introduce a new service called Phish Bowl. This service can be accessed by visiting phishbowl.utc.edu. This page displays the latest phishing emails going around and stays updated thanks to the effort of users who report phishing emails to security@utc.edu.
Next time you receive a suspicious email, check phishbowl.utc.edu first to see if anyone else has reported the same thing. If you are still unsure, you are always welcome to forward the email to security@utc.edu or reach out to the IT Help Desk with questions.
We have also updated our phishing page with guidelines for analyzing the legitimacy of an email.
The bottom line- if you SEE something, SAY something – report it to security@utc.edu or, as you should for ANY IT incident, call the IT Help Desk at 423-425-4000.