Simulated Phishing Results

Dear Members of the Hobart and William Smith Community –

I write to share with you the results of an important information security test that was recently conducted at the Colleges. Security and data breaches are routinely publicized in the media, and HWS is not immune to these risks as hackers attempt to gain access to our systems and information through a variety of methods. One technique used is known as “Phishing”, which is one of the most common and easily avoidable security threats, usually carried out through a malicious e-mail.

From October 20 – 23 a simulated phishing e-mail was sent to all students, faculty, and staff with an HWS e-mail account. The document attached to this e-mail shows the simulated phishing e-mail, and is annotated to highlight the items that were clues that this was a phishing attempt. The simulation was carried out by GreyCastle Security as part of our overall information security program. In no case was any member of the HWS community exposed to the risk of compromising confidential or sensitive information, or punitive action during the simulation.

The most important result from this simulation was that 314 members of the community clicked on the link in the e-mail, and of that number, 179 proceeded to enter their HWS credentials. Had this been a real scam, hackers would have stolen the usernames and passwords from the 179 individuals (171 students and 8 faculty/staff) and increased the risk of HWS being the target of a cyber-attack. A special note of recognition and thanks goes out to the 90 individuals (41 students and 49 faculty/staff) that proactively notified us that this was a potential phishing attempt.

The phishing simulation is an on-going learning and training opportunity that helps remind us of the need to remain vigilant in protecting the Colleges from cyber security threats. If you ever question the authenticity of an e-mail message, please contact the Help Desk or simply forward the fraudulent message to igotspam@hws.edu. And finally, you can always visit our security page that has a variety of resources related to cyber security.

Thank you for taking the time to learn about the phishing simulation.

Regards,

Fred Damiano
Chief Information Officer and Vice President of Strategic Initiatives


 

Preparing Students to Lead Lives of Consequence.