The Office of Information Security recently added several layers of phishing protection for our institution. We hope you have located, and perhaps even used, the new Phish Alert Button (PAB). Last week, our office distributed our first university-wide message from the KnowBe4 platform, asking users to report it as a phish using the PAB to help you familiarize yourselves with this new tool. Reporting phishing attempts using the PAB is an easier way to quickly notify our office of a potential threat while ensuring that we receive all of the information we need from the original message so that we can conduct further investigation. We would like to sincerely thank everyone who took the time to read our email and report it using the PAB.
The email itself was the first example of the types of phishing simulations the KnowBe4 platform uses to increase resilience to common threats. Our office wants to be as transparent as possible about this system, so we started with a message that clearly explains its purpose. In the future, we will be distributing phishing simulations that mimic real-world threats as a training strategy to help you identify phishing warning signs, decreasing the likelihood that a real threat will affect you or our institution.
Please report anything that looks ‘phishy’ using the PAB. If it is an actual threat, we will investigate. If it is a simulation, you will receive a message congratulating you for your vigilance.
KnowBe4 was a key component of the competitions we hosted this year for Cybersecurity Awareness Month. Thank you to everyone who participated, taking the time to refresh their security knowledge and skills! We are in the process of selecting our winners, and we look forward to providing more opportunities to win prizes soon.
Instructions for using the PAB depend on the version of Outlook you are using and are available at https://informationsecurity.wustl.edu/phish-alert-button-how-to-report-phishing-on-campus/. If you aren’t using Outlook, suspected phishing messages should be forwarded to email@example.com, preferably as an attachment.