Simulated Phishing Training

Simulated Phishing Training is a recognized approach for cybersecurity awareness and training to reduce risks associated with phishing.  Simulated Phishing Training consists of generating emails that resemble real phishing emails we have received, and sending 3-4 such simulated phishing emails to UVic email accounts on a monthly basis. If the recipient ignores the email/does not click, as intended, then there is no further action. If the recipient interacts with the message, such as clicking on a simulated phishing link, they will be presented with just-in-time training page (see below for sample) with some tips on how to tell the message was not legitimate so that they can better detect similar messages in the future.

The system will not share individual results on who clicks or provides credentials, nor will it capture any supplied credentials or passwords.  We will only report at an aggregate institutional level on the  percentage of individual recipients who clicked relative to emails sent. The reporting will assess the effectiveness of the training approach and whether individuals are responding less frequently to phishing emails. These overall results will help us determine whether relative risk due to phishing is increasing or decreasing, so our cybersecurity program can respond appropriately.

If you have any questions, please contact the Computer Help Desk. See Information Security Office for more information about our cybersecurity program.

Training Page Sample
Sample Just in Time Training Page