Phishing Awareness Training Campaign

Information securityInformation security

The purpose of phishing awareness training is to raise security awareness and educate UVic faculty and staff on the dangers of phishing scams, how to avoid malicious hackers, how to protect your personal information, how to avoid sending email that may look like phishing to others, and how to minimize the risk of phishing to the university.

Nav Bassi, Senior Director of Academic & Admin Services, breaks down cybersecurity by answering five common questions about this important topic. For more details see the full InsideIT blog article.


Visit our Phish Bowl page to see examples of phishing and malicious emails that the UVic Information Security Office has analyzed.



Information sessions

To arrange an information for your department or group, please send a request to chdtrain@uvic.ca, or you can view this short video (16 mins).

Note:  The information in the video is the same as what is presented at the information session.



Online training via Brightspace

UVic faculty and staff can click on the registration button below to self-register for online phishing awareness training:

Register for online training in Brightspace


Simulated Phishing Training

Simulated Phishing Training is a recognized approach for cybersecurity awareness and training to reduce risks associated with phishing.  Simulated Phishing Training consists of generating emails that resemble real phishing emails we have received, and sending 3-4 such simulated phishing emails to UVic email accounts on a monthly basis. If the recipient ignores the email/does not click, as intended, then there is no further action. If the recipient interacts with the message, such as clicking on a simulated phishing link, they will be presented with just-in-time training with some tips on how to tell the message was not legitimate so that they can better detect similar messages in the future.

The system will not share individual results on who clicks or provides credentials, nor will it capture any supplied credentials or passwords.  We will only report at an aggregate institutional level on the  percentage of individual recipients who clicked relative to emails sent. The reporting will assess the effectiveness of the training approach and whether individuals are responding less frequently to phishing emails. These overall results will help us determine whether relative risk due to phishing is increasing or decreasing, so our cybersecurity program can respond appropriately.

If you have any questions, please contact the Information Security Office.