Driving Phishing Awareness Across Campus

Preventing Campus Members from Falling for the Bait

Topics: Information Technology, Information Security

This is a preview of restricted content.

  • If you are an EAB member, please log in.
  • If you are logged in and still see this message, the content is outside your membership portfolio, and we invite you to learn more by contacting us.
  • If you are not an EAB member and wish to learn more, please contact us.

IT Forum members can read the full study to learn how institutions:

  • Raise awareness of phishing emails through blogs dedicated to phishing email examples
  • Deliver timely and targeted phishing education to end users through institution-sponsored phishing simulations

Executive Summary


Faculty, staff, and students fail to recognize phishing scam emails and regularly input their university credentials and passwords in response to the emails, thereby exposing data and systems or proliferating spam. Root causes include:

  • Campus members’ feeling of immunity against cyber attacks
  • Phishing awareness campaigns too late or infrequent to help end users

Exacerbating this is that phishing attacks targeting higher education institutions nationwide are on the rise in 2014.

  • Definitions

    Resist: Does not provide university credentials and password in response to a phishing email (either by marking it as spam, deleting the email, or not replying)

    Succumb: When a recipient fails to resist a phishing email and provides university credentials and password in response to the email

Phishing Not to Be Taken Lightly