Hafa Adai,

Congratulations to all the users who recognized the Xerox message as a phishing email!

We appreciate your cybersecurity awareness to help keep our campus network secure.

Phishing campaigns are the best security practice method to help us gauge our vulnerability.

From the fake Xerox message, you may have considered the following questions:

1. Is the message coming from a trusted and known source?
2. Is the message subject line a recognized topic or event?
3. Does the message contain spelling errors? or obvious syntax mistakes?
4. Does any of the message contain personally identifiable information?
5. Are you expecting a file from the Xerox machine?

The proper response to these questions should have provided enough warnings about the legitimacy of the email message.

The results from our phishing campaign:

• 2673 total emails sent to UOG employees
• 26 users who clicked the link (Percentage affected: 0.9%)
• 4 users who supplied their credentials (Percentage affected: 0.1%)

Learn more information and tips about phishing emails at the Information Security Office website and our weekly cybersecurity tips located in the IT home page under News & Announcements:

Here is also an article on two universities who were targeted to cyberattacks:

https://www.insidehighered.com/news/2019/08/27/two-universities-targeted-hackers-just-new-school-year 

Thank you for your participation in our initial cybersecurity phishing campaign!

Remember, a single click on a phishing email may cause catastrophic damage on our campus network. Stay vigilant!

Si Yu'os Ma'ase,

Information Security Office