Phishing Awareness Training

Introduction

This training is part of the UO's security awareness training program, the ongoing effort to educate the UO community about policies, procedures, and best practices relating to information security.

The University of Oregon utilizes two methods of phishing awareness training.

1. An Introduction to Phishing, an online training module about email phishing that is available to everyone at the University of Oregon and;
2. Simulated Educational Phishing Campaingns, designed to give the University of Oregon community experience in identifying and reporting simulated phishing messages.

About the Training

An Introduction to Phishing 

The Introduction to Phishing training will help you identify potentially dangerous emails and teach you how to deal with them effectively. This brief, interactive module is recommended for all UO students, staff, and faculty.

Access the training through the link below. It will take you to UO's Proofpoint Security Awareness Training (PSAT) platform. Log in with your Duck ID when prompted. Then the training will start.

Introduction to Phishing (15 minutes; PSAT platform)

Simulated Phishing Educational Campaigns

Spotting phishing emails is a skill that gets better with practice! Our phishing awareness and reporting exercises are crafted to give the Oregon community hands-on experience in identifying and reporting simulated phishing attempts. This way, when a real phishing email lands in your inbox, you’ll be ready to tackle it with confidence.

Why Simulated Phishing?

Despite our security tools blocking millions of phishing messages each month, some will inevitably slip through into your inbox. You are our first and best line of defense against these threats. Recognizing phishing attempts is crucial to protecting yourself, and reporting them helps shield our entire community. Stay vigilant and proactive—phishing awareness and reporting practice will keep us ready to respond swiftly and effectively to these ever-present dangers.

What to expect

University community members should expect to receive a  simulated phish at least once every three months.  As with any suspicious message, it should be reported using the Report Phish Button or by forwarding it to phishing@uoregon.edu.

If you miss the simulated phish and accidently click on the link, you will be redirected to a page that  reassures you it’s just a drill and highlights the warning signs to watch out for next time. After you have read the information presented, close that page and report the email. Remember, it’s all part of staying sharp and ready. Every practice counts.

These exercises will

• Deliver simulated phish based on actual phishing attempts found in the community
• Give the University of Oregon community experience in identifying and reporting phishing emails
• Deliver  data-driven insights into the phishing risks faced by our community

These exercises will not

• Send overly deceitful emails using techniques more sophisticated than observed in the University of Oregon community.
• Directly impersonate University of Oregon departments or services.
• Report the identities of those who click.
• Assign mandatory training or take punitive action against those who click.

Have Questions?

Contact the Information Security Office by submitting a ticket to the Security Awareness Training Support service. 

Additional Resources

• If you need help with phishing awareness training, please submit a ticket at Security Awareness Training Support.
• The UO Cybersecurity Basics training is available to all UO employees.
• More cybersecurity awareness trainings are available to anyone with a Duck ID through UO's PSAT platform via infosec.uoregon.edu/training.