Phishing Simulation and Security Awareness Training

We have been warning about email phishing scams for a long time. While the situation has improved through a combination of increased awareness, vigilance and improved technical countermeasures, phishing remains a real threat.

 

The message remains the same – when using email and web systems, be careful where you click. Never give your account credentials to anyone, for any reason. Purchase College will never ask you to confirm or validate your UserID via email and will never ask for your password under any circumstances.

 

WARNING: If your account gets phished, your account will be disabled! Once your account has been disabled, you must contact CTS via Helpdesk Zoom Tech Support so that we may assist you and initiate steps to get your account re-enabled. This is not a quick process, as it involves several CTS staff members coordinating the steps that will grant you access to your account again. Further, you will be assigned additional security awareness training that focuses on how to avoid getting phished. You will have 3 weeks to complete this additional training. Also, your supervisor will be notified that you were phished. This procedure follows security measures that protect the College, your account, as well as student, faculty and staff data.

 

Why don’t we notify the campus when a phishing attempt is circulating the campus?

We have been asked many times to notify the campus when a phishing email is found circulating the campus. The campus is constantly being bombarded with phishing attempts. Notifying the campus each time would have us sending email daily, as multiple phishing attempts occur daily and are sent to different people.

 

Background

In 2022, a comprehensive audit of Purchase College’s Information Security Employee Awareness and Training Program was conducted. After the SUNY security audit was completed, it was recommended that Purchase College develop and perform regular phishing simulations to identify whether improvements to the program are needed to address certain areas and which individuals may require additional training. To comply with this recommendation, we will periodically send phishing simulation emails to assess the Purchase community’s responses to potential malicious phishing attacks. The simulation emails will serve to educate users on what to look for in order to better protect ourselves from actual attacks, and it will help to identify whether improvements to our current Security Awareness Training program are needed.

 

Federal regulations, State laws and/or Campus policy require Security Awareness Training for all employees. Purchase College uses Microsoft Defender to deliver the mandatory Security Awareness Training in both the fall and the spring semesters. Nation-state sponsored Phishing and Ransomware have reached epidemic proportions - and they are a serious threat to Purchase College - making this training more important than ever.

 

Simulated Phishing Results

The last simulated phishing test during the Fall semester produced 83 failures. Failures included one or more of the following:

 

clicking a malicious link

replying to the email

entering your account credentials

 

This means we must continue to focus on security to protect ourselves and the College from phishers.

Remember to use the new Report Email Message Button to help alert CTS staff to potential phishing threats. Do not forward suspected phishing emails.

 

Complete your training

You can go directly to the Microsoft Defender Training site to find and complete any past due security awareness training you may have.

 

Please, help us protect Purchase College, and protect yourself! Complete the training, and always think before you click!

 

If you have trouble accessing the system, please contact the Helpdesk Zoom Tech Support Monday-Thursday 8am-6:45pm and Friday 8am-4:45pm, or dial +1 646 876 9923, Meeting ID: 914 251 6465 - or create a work request so we can assist.