--------8<----------------
Dear Colleagues,
Some alarming news - we are going to try and phish you using email in the next 4 weeks.
This is being done to understand how resilient our first and last line of defence, you, are in resisting malicious actors. We don't do this lightly and we are already behind the scenes using technology to delete 552,000 emails per month.
We realise that all security makes your lives a little bit harder - but if we weren't to do this the consequences are potentially devastating. We also know the technology is not perfect, and we quarantine another 555,000 emails that appear honest, but in actual fact your interaction tells us only 0.16% (or 907 in total) were. We simply can't turn these filters up any more or you would not be able to work and this is where you come in to protect the University. These eased off filters however leave us more open to attack.
It would be unfair of us to launch a phishing attack without alerting you and give you the opportunity to refresh your counter phishing skills - so shortly you will receive an invitation to undertake some training - it will come from an external address - so you might normally delete it and please feel free to do so, but if you want the refresher then look out for the source address of notification@attacksimulationtraining.com. This is not spam. The training will be offered this week.
The phishing will happen in the next 4 weeks, so be on the lookout for it. You don't need to alert the IT Helpdesk when you spot it. A simple delete will be admirable.
Kind regards,
Digital Innovation and Technology Services
University of Essex
--------8<----------------
The training was indeed offered that week and I did indeed delete it.
I deleted the second offer, too, on the grounds that it could have been the actual phishing attempt.
It probably wasn't, but they really shouldn't send these things on a Friday afternoon or a Monday morning.