Overview
VIU’s E-mail Security Awareness Program sends simulated phishing e-mails based on real-world examples that staff and students receive every day.
The goals of this program are to:
- Raise awareness of common phishing tactics
- Promote a culture of reporting suspicious e-mails
- Encourage participation in cybersecurity training
- Evaluate phishing susceptibility and the effectiveness of our strategies to protect VIU Staff and Students
The aggregated results from these simulations help us make evidence-based decisions about where to focus our time and budget when improving VIU’s cybersecurity defenses.
What to expect
At random points throughout the year, we’ll launch a new simulated phishing campaign. Each one uses a real phishing e-mail received by VIU staff or students, modified slightly to make it safe before we send it out.
The message will arrive in your inbox like any other that makes it past Microsoft’s anti-spam filters and will include the standard external e-mail banner. Our goal is to keep things as authentic as possible without using tricks or tactics you wouldn’t normally encounter.
If the e-mail seems convincing and you click a link, you’ll be taken to a Knowledge Base article with quick training. It highlights what signs could have tipped you off and what to look out for next time. It only takes one to two minutes to read. We’d appreciate you taking a moment to check it out.
If you report the simulated phishing e-mail using the Report Phishing button, you’ll get a follow-up e-mail at the end of the campaign (usually within two days) congratulating you, along with a link to the KB article and a screenshot of the message if you’re curious which one it was.
If you simply delete the message without clicking or reporting it, that’s fine too. You won’t hear anything else from us for that round.
If you're away during the campaign, you likely won’t see the e-mail at all. Once the campaign ends, the message is removed from mailboxes.
Frequently Asked Questions:
Is clicking going to get me in trouble?
Nope! This program is about building awareness, not punishment. The information we gather helps identify trends and improve our e-mail security. If we notice a pattern we may reach out to offer additional tips or resources to help you spot threats more easily.
Can I opt-out?
No. The data from these campaigns helps us understand how effective our security tools, training, and communication efforts are, so we can continue improving them.
Who is included in this program?
The campaigns include staff, affiliates, and retirees. Yes, that includes us in IT. Students will be added in a future phase.
How many campaigns are you going to run a year?
We don’t have a fixed number planned, but we understand that everyone is busy and receives a lot of e-mail. Our goal is to be thoughtful and efficient with these campaigns, keeping them purposeful and not excessive.
Feedback
If you have any feedback on our E-mail Security Awareness Program, please contact VIU Information Security directly at infosec@viu.ca.