There was a huge shakeup this week, and now one phisher has taken sole control of first place. But there are still a lot of phishers in striking distance as we head into the home stretch! The top 30 phishers all still have a chance to take the title home!
The Leader Board
October 16: Time Reporting
There are a lot of emails that you are desensitized to seeing, like the ones that payroll sends. In this case, it turned out not to be an effective phishing message because it fell below your radar, and not many people reported this one. Not many people clicked, either. But you also spotted that it was for September rather than October pretty easily.
October 19: Box Seats!
You might have been primed to look for fake athletics phishing messages after last week. Y’all spotted the typosquatting domain very easily. But it looks like for the most part, this one slipped by most of y’all, perhaps it looked real but got ignored…since only about half of you reported this one.
October 20: The Vaccine
If there were a vaccine trial at SMU, this wouldn’t be how you found out about it… or at least that was the consensus of folks who spotted this one.
October 21: COVID SURVEY
Surely they wouldn’t schedule 2 COVID-related phishing campaigns back to back? We did. It was slightly more effective than the previous day’s campaign in terms of clicks, but it got way more reports…good job on this one!
October 22: Susphishy Microsoft Warning
This was the classic phish. What made this a little customized was that it appeared to include your email address that was masked to provide some legitimacy in the form of a visible security measure. We didn’t have the capability with our phishing tool to customize this field, but the bad guys can guess the first 4 digits of your credit card number, and make this kind of thing seem more realistic. Y’all saw the domain was weird and only one person clicked!
George Finney, J.D., CISM, CISSP
Chief Security Officer