Phishing Simulation and Security Awareness Training

We have been warning about email Phishing scams for a long time, and while the situation has improved due to a combination of increased awareness and vigilance and improved technical countermeasures, Phishing remains a real threat.
The message remains the same – when using email and web systems, be careful where you click. Never give your account credentials to anyone, for any reason. Purchase College will never ask you to confirm or validate your UserID and password via email.

WARNING: If your account gets phished, your account will be disabled! Once your account has been disabled, you must contact CTS via Helpdesk Zoom Tech Support so that we may assist you and initiate steps to get your account reenabled. This is not a quick process, as it involves several CTS staff members coordinating the steps that will grant you access to your account again. Further, you will be assigned additional security awareness training that focuses on how to avoid getting phished. You will have 3 weeks to complete this additional training. Also, your supervisor will be notified that you were phished. This procedure follows security measures that protect the College, your account, as well as student, faculty and staff data.

Why don’t we notify the campus when a phishing attempt is circulating the campus?
We’ve been asked many times to notify the campus when a phishing email is found circulating the campus. The campus is constantly being bombarded with phishing attempts. Notifying the campus would have us sending email daily, as multiple phishing attempts occur daily and are sent to different people.

Background
In 2022, a comprehensive audit of Purchase College’s Information Security Employee Awareness and Training Program was conducted. After the SUNY security audit was completed, it was recommended that Purchase College develop and perform phishing simulations to identify whether improvements to the program are needed to address certain areas and which individuals may require additional training. To comply with this recommendation, we will periodically send phishing simulation emails to assess the Purchase community’s responses to potential malicious phishing attacks. The simulation emails will serve to educate users on what to look for in order to better protect ourselves from actual attacks, and it will help to identify whether improvements to our current Security Awareness Training program are needed.
Federal regulations, State laws and/or Campus policy require Security Awareness Training for all employees. Purchase College uses an online platform called KnowBe4 to deliver the mandatory Security Awareness Training in both the fall and the spring semesters. Nation-state sponsored Phishing and Ransomware have reached epidemic proportions - and they are a serious threat to Purchase College - making this training more important than ever.

Simulated Phishing Results
The last 2 simulated phishing tests this semester produced 115 failures. Failures included one or more of the following:
clicking a malicious link
replying to the email
entering your account credentials

This means we must continue to focus on security to protect ourselves and the college from phishers.

You can go directly to the KnowBe4 Login page to find and complete any current or past due training you may have.

Please, help us protect Purchase College, and protect yourself! Complete the training, and always think before you click!

If you have trouble accessing the system, please contact the Helpdesk Zoom Tech Support Monday-Thursday 8am-6:45pm and Friday 8am-4:45pm, or dial +1 646 876 9923, Meeting ID: 914 251 6465 - or create a work request so we can assist.