Phishing Awareness Program

Welcome to Our Phishing Awareness Program

It seems like every time you read the news, another organization has suffered a data breach. One of the most effective ways for attackers to gain unauthorized access to an organization is through phishing emails. In fact, 91 percent of all breaches start with one of these emails, according to industry experts.

If such an email lands in one of our inboxes, we may be a click away from compromising San Jose State University’s security. Faculty and staff members are an integral part of our information security protocol. To help prevent this attack method from being successful, we are about to begin a new, immersive phishing awareness program.

What Does the Program Entail?

As part of this new program, you will periodically receive simulated phishing emails that imitate real attacks. These emails are designed to give you a realistic experience in a safe and controlled environment that does not put the university at risk for a security breach. You will become familiar with, and more resilient to, the tactics used in real phishing attacks.

While there is no penalty if you fail to recognize one of the simulation emails, we will provide you with 30- to 60-second videos and other educational material that will help you recognize phishing emails in the future.

As the program progresses you should be able to better spot phishing attacks, both at home and in the workplace.

What To Do If You Receive a Simulated or Real Phishing Email

Although your first instinct might be to delete or ignore suspicious emails, we ask that you report them. If you ever suspect an email to be a phishing attack, use the "Report Phishing" and "Report Spam" buttons inside Google. If you think you have been compromised, email the Information Security Office at security@sjsu.edu or call (408) 924-1530. If you’ve been targeted by a phisher, chances are your coworkers have been too. By reporting suspicious emails, you can keep our organization safer as a whole.

You’ll learn more in the coming days about the warning signs of a phishing attack. If you spot a red flag, reporting the suspicious email is the first step in mitigating the damage it may cause.

The Dangers of Phishing

Chances are you've received a few general phishing emails in your personal or work-related inbox before. These emails are sent to the masses, with the hope that just a few of the thousands or millions of recipients fall victim.

Targeted phishing emails, by contrast, take advantage of personal and professional relationships, organizational hierarchies, and human curiosity. These emails pose a unique threat, as their high level of customization can lead them past even the best technical controls.

In today's world, it's a necessity to work online, and phishers will use the information we post to trick us into clicking a link, opening an attachment, or entering sensitive information into legitimate-looking websites.

In Summary

In the coming days, we’ll be running a comprehensive phishing awareness program. By taking a proactive stance, we hope to help you learn how to spot and report potentially dangerous emails so we can keep our university safer.

Thank you for your time. If you have any questions about this training program, please contact the Information Security Office at security@sjsu.edu or call (408) 924-1530.