Campaigns

Simulated Phishing emails

The University periodically sends simulated phishing emails to employees to see how they react on receiving a scam or phishing email, i.e. whether malicious domains are flagged, whether users spot social engineering, and whether they know not to enable macros or open unexpected files. These phishing vulnerability assessments help us to evaluate our security posture and identify key areas to help protect the University from future (genuine) attacks.

Why do we run phishing awareness campaigns?

We have gathered together information from these campaigns so you can see real-life examples, as well as find out how well we all did at spotting them.

January 2025 Phishing Campaign #12

On Monday 27th January 2025, the Cyber Security team in Digital Technology Services (DTS) ran the long-awaited campaign #12. A record 9939 emails were sent to all staff (with an active Microsoft 365 account). The website was blocked by Microsoft the same day (around 2pm) as so many reports of a malicious email had been sent to them. The website was live for less than 4 hours in total.

Learning actions

  • Be aware of the red flags of this particular phishing email so you know what to look out for in future attacks
  • Report the phish to DTS as soon as possible, even if you are unsure, so that in the event of a real phishing attack we can stop it spreading by automatically removing similar emails from other users' inboxes, and we can check your account for compromise.
  • This attack hoped that you would click the link without checking, and the purpose was to gather your username and password. Any email asking for these details needs to be viewed as potentially malicious.

Training

 (UoR Learn, search for digital skills - security)

 (LinkedIn Learning, 1h)

(DTS Blog)

September 2023 Phishing Campaign #11

Between Wednesday August 30th and Monday 11th September 2023, the Cyber Security team in Digital Technology Services (DTS) ran a phishing campaign. 7605 emails were sent out to all staff (with an active Microsoft 365 account) on Wednesday 30th August, and the website was kept open until Monday 11th September.

The email was copied from an actual phishing attempt (only the name has been changed). This was a high-risk attack. Had it been real, users would have been likely to fall for it, with potentially catastrophic consequences.

Learning actions

  • Be aware of the red flags of this particular phishing email so you know what to look out for in future attacks
  • Report the phish to DTS as soon as possible, even if you are unsure, so that in the event of a real phishing attack we can stop it spreading by automatically removing similar emails from other users' inboxes, and we can check your account for compromise.
  • If you are asked to change your UoR password, always go to your account on the Microsoft website (via search engine if necessary) rather than clicking a link in an email

Training

 (UoR Learn, search for digital skills - security)

(DTS blog)

(Microsoft)

December 2022 Phishing Campaign #10

On Thursday 8th December the Cyber Security team in DTS ran our 10th phishing campaign. 7727 emails were sent out to all staff (with an active Microsoft 365 account). Rather surprisingly, the whole campaign came to a halt on Friday 9th December, as so many people reported the email that it was marked as unsafe. We did not manage to get any useful information, other than that a lot of you reported the email through Outlook as spam or phishing.

Learning actions

Phishing campaigns are not designed to catch you out; we want everyone to learn how to spot one! The takeaway messages from this campaign are:

This was a social engineering scam, where your desire to get something quickly (as there were only a limited number of "vouchers" available for a limited amount of time) overrides any normal checking you might do. These scams exploit human nature, so do not be disheartened if you fell for it.

Training

 (UoR Learn, search for digital skills - security)

(LinkedIn Learning, video with quiz, 1h)

(NCSC, slides)

May 2022 Phishing Campaign #9

Between Tuesday May 24th and Tuesday May 31st 2022, the Cyber Security team in DTS ran a phishing campaign. 7829 emails were sent out to all staff (with an active Microsoft 365 account) on Tuesday 24th, and the phishing website was kept open until the following Tuesday.

Learning actions

Phishing campaigns are not designed to catch you out; we want everyone to learn how to spot one! The takeaway messages from this campaign are:

Results

For security purposes, the results are on a separate page only accessible using your UoR sign on: . Do not share this information outside of the University.

Training

(UoR Learn, search for digital skills - security)

(LinkedIn Learning, video, 8mins)

 (LinkedIn Learning, video, 1h)

Updated by lm920207 on 29/01/25

What to do with a suspect email?

If you've received an email that you think is suspicious  straight away.

Do not be tempted to click on any links or open any attachments in the email.