The following email was distributed to Augusta University staff on Monday, Dec. 12, 2016:
Augusta University recently conducted two assessments of our susceptibility to phishing. The fake message in the image below was sent to faculty, staff and students to help determine the likelihood that our community might fall victim to a phishing attack. The result is a baseline that serves to measure the effectiveness of our awareness efforts. We have conducted two such tests since May of this year.
In May 2016, the link in the fake message was clicked by 10 percent of the individuals who received it. In the more recent test, the link was clicked by only 6 percent of the individuals who received it.
While this is an improvement, we’d like the percentage to be closer to zero. The message below had several strong indicators to suggest it was not authentic:
1. It was from o365Admin@augustaedu.com instead an augusta.edu address.
2. The message contained grammatical errors.
3. The link contained within the message pointed to a numeric address rather than an augusta.edu address. If you hover over a link with your mouse pointer without clicking, you can see where the link will take you. Note the second line of the link in the example below where it shows url=http://18.104.22.168. A valid message would, instead, have shown an address ending with augusta.edu.
Please be vigilant and forward all suspicious messages to firstname.lastname@example.org.
Thank you for your continued cooperation!
Chief Information Security Officer
For more information about the dangers of phishing, read Think you know how to avoid Phishing scams? Think again.