September 18, 2019
Dear Campus Community,
Most information security incidents and data breaches start with individual systems, when an end user opens a phishing email that delivers malware via a clicked link or attachment. Because of this, user awareness—more specifically, that a user is alert to phishing threats and knows how to spot suspicious emails—is phenomenally important.
Later this month, OIT will start a self-phishing campaign to help users practice identifying phishing attacks and reporting those attacks to OIT for faster remediation. This campaign is part of an awareness program sponsored and funded by the University of California Office of the President.
During this year-long campaign, the OIT Information Security team will periodically send emails to UC Merced users that look and behave like typical phishing emails. Anyone who clicks on the links or opens attachments will be taken to a landing page where they will learn more about phishing and how to spot attacks. Those who don't click will be unaffected. (Bonus points for reporting the threat to firstname.lastname@example.org .)
Throughout the year, the security team will collect data that demonstrates our progress toward the goal of increasing user awareness. Ultimately, we are confident that this exercise will be beneficial to the information security of individual UC Merced users and to the campus as a whole.
UC Merced Office of Information Technology