Phishing is a topic covered by many of our One Step Ahead tips and frequently communicated to you by awareness materials from your Schools and Centers. Have you ever wondered which types of phishing attacks you are most likely to fall victim to?

To help answer this question, the ISC Office of Information Security (OIS) licensed the Proofpoint Security Education platform which offers education, assessment, reinforcement and measurement through a useful suite of training tools. Penn Schools and Centers will have the opportunity for opt-in access to this interactive training.  

Proofpoint Security Education offers the following educational process:

Educate—Provides participants with short, interactive videos that help them recognize various phishing messages and how to avoid each variation. 

Assess—Sends participants a simulated phishing email messages to evaluate their response to phishing attempts. In this phase, participants can self-assess their knowledge in recognizing phishing, either by reporting the email message or by not taking any action. 

Reinforce—Directs participants who respond to the simulated phishing message to a training page which identifies the clues that characterize the difference between a legitimate message and a phishing message.

Measure—Tracks participants’ recognition of phishing and their reporting of the simulated messages over a fixed time period, which will demonstrate the effectiveness of the training.

For information on Proofpoint Security Education and the training methodology, contact OIS at security@isc.upenn.edu 

For additional tips, see the One Step Ahead link on the Information Security website: https://www.isc.upenn.edu/security/news-alerts#One-Step-Ahead