Simulated Phishing Results

Dear Members of the Hobart and William Smith Community –

I write to share with you the results of an important information security test that was recently conducted at the Colleges. Security and data breaches are routinely publicized in the media, and HWS is not immune to these risks as hackers attempt to gain access to our systems and information through a variety of methods. One technique used is known as “Phishing”, which is one of the most common and easily avoidable security threats, usually carried out through a malicious email. From October 21 – 25 a simulated phishing email was sent to all students, faculty, and staff with an HWS email account. The document attached to this email shows the simulated phishing email, and is annotated to highlight the items that were clues that this was a phishing attempt.

The most important result from this test was that 282 members of our community fell victim to the simulated phishing attempt by clicking on the link and entering their HWS credentials. Had this been a real scam, hackers would have stolen the usernames and passwords from the 282 individuals (270 students and 12 faculty/staff) and increased the risk of HWS being the target of a cyber-attack.

This is the fifth year that this test was conducted, and it was done with the support of the Colleges' Senior Staff and Institutional Review Board (IRB). The simulation was carried out by GreyCastle Security as part of our overall information security program. In no case was any member of the HWS community exposed to the risk of compromising confidential or sensitive information, or punitive action during the simulation.

It is important that all members of the HWS community develop a basic awareness of phishing threats to collectively protect our digital assets, personal information and institutional reputation. As a reminder, you can always contact the Help Desk if you ever question the authenticity of an email message.

Thank you for taking the time to learn about the phishing simulation and for remaining vigilant in protecting the Colleges from cyber security threats.

Regards,

Fred Damiano
Chief Information Officer and Vice President of Strategic Initiatives


 

Preparing Students to Lead Lives of Consequence.