Phishing Simulations and Training from ITS

Approximately 90% of cyber attacks begin with a phishing email, and all Clark community members can help protect our information resources by being able to identify and ignore suspicious emails. To support this, ITS has partnered with KnowBe4, a security awareness training and simulated phishing platform, to offer an ongoing security awareness campaign.

This campaign helps to educate the Clark community through a broader lens of understanding how hackers can steal your personal information and track your movements. Our campaign works to encourage change across Clark while empowering and equipping users with the tools to protect the physical and digital data of the University.

Through the KnowBe4 software, Clark members will be sent several ‘simulated phishing’ messages over the course of each semester. These simulated phishing emails are based on malicious emails that a hacker would send you.

Since launching the campaign in July of 2021, institutional risk related to users being ‘phish prone’ (those who are likely to fall for simulated phishing emails) has decreased by 13%.

What will happen if I open a ‘simulated phishing email’?

If you open an email which was sent through our KnowBe4 system, nothing dangerous will happen. It is up to you to report it using the Phish Alert button (click here to learn more about how to use the Phish Alert button).

However, if you click a link within the body of the message, download an attachment, or forward the email to someone else (including to the Help Desk), you will be directed to a landing page (similar to below) letting you know that this was a simulated email from KnowBe4. This page will alert you to why this email should seem ‘phishy’ to you, and what steps you can take in the future to more quickly identify it as malicious. Additionally, you will be asked to watch a 2-minute video about phishing.

In addition to the short video, you will automatically be enrolled into Clark’s Cybersecurity Training Course. This course, which is also done through our KnowBe4 system, can be accessed using the link provided in an email that you will receive (similar to below).

What do I need to know about the training?

Training typically consists of two modules, which take approximately 10 minutes to complete and will provide you with tips and tricks to spot and avoid clicking on phishing emails in the future. Failure to complete the assigned trainings will result in continued notification reminders.

What happens if I click on more than one ‘simulated phishing email’?

Don’t worry, it happens to us all! With phishing emails getting more sophisticated and trickier than ever, we understand that you may accidentally click on one. If this happens, you will be auto-enrolled into another Cybersecurity Training. However, each time you are enrolled, you will be presented with a more detailed course. More than 3 incidents in one academic semester may result in a user having a conversation with their supervisor and/or ITS to help ensure we can best protect our information resources.

I reported the simulated phish by clicking the Phish Alert Button

Congratulations! You outsmarted the hackers. If you properly spot and report a simulated phishing email, you will receive a notification of a job well done, and a HUGE thank you from Clark ITS for helping to keep Clark safe from potential cyber-threats.