Simulated Phishing

As part of the Ohio University's security awareness program, the Office of Information Technology recently rolled out a new service called Simulated Phishing. Simulated Phishing is an educational exercise where emails similar to malicious emails are sent by an organization to their own staff to gauge their response to phishing and similar email attacks.

Cybercriminals use phishing to obtain sensitive information, such as login credentials, by disguising as a trustworthy organization or reputable person in an email communication. Simulated Phishing is designed to protect the OHIO community by training employees to identify and report these social-engineering threats.

Features

• Highly variable phishing messages that can be catered to the specific department.
• Senders varying from internal to external.
• No limit on how many times a manager can request a simulated phishing exercise.
• Sent in regular intervals or at random.

Eligibility

• Any business unit at Ohio University is eligible to request a simulated phishing exercise. The request must be submitted by a manager.

How to Request

• In order to request a simulated phishing exercise for a business unit, the manager can email security@ohio.edu. Once the request is received, an Information Security Analyst will reach out and set up the details of the exercise.