Most Pitt employees pass phishing test sent by IT

By MARTY LEVINE

Pitt email users are getting better at not clicking on malicious links offered by phishing scams, the University’s chief information security officer, Ollie Green, told the Senate’s Computing and Information Technology Committee meeting on April 12.

But all it takes to create trouble for many on campus is for one person to open the electronic door and let in dangerous software, said committee chair Michael Spring.

Green reported that the University’s latest phishing test came March 16 to 19, when 11,828 faculty and staff received a fake phishing email with the subject line “Right now — earn and save your crypto,” which touted earning money by getting crypto-currency, such as Bitcoin. “Follow your private link — Click here,” the email said.

Before five minutes had elapsed, Green said, a recipient had reported the email as potentially dangerous. But before 20 minutes had elapsed, one recipient had already clicked on the link, opening his email account and Pitt to potential invasion.

Overall, 73 percent of recipients simply ignored the email and left it unopened — which effectively thwarts the threat. Almost 21 percent opened the email without clicking on the link.

But nearly one percent of recipients — 90 people — clicked the link, and only 51 of those reported the email later to Pitt by forwarding it to phish@pitt.edu.

Of the 10 largest responsibility centers at the University, the School of Medicine had the highest susceptibility rate — 1.70 percent of users — while Pitt’s overall susceptibility rate was .76 percent.

Instead of being harmed by malicious software, those who clicked the link were taken to Pitt’s phishing education page, which offers training on how to recognize phishing emails and what to do — or not do.

Spring suggested that, short of a perfect score of zero clickers, phishing will remain a danger to all of us.

Green was pleased with the low number of people who fell for the simulated scam, but said: “Maybe we need to increase the strength of the phishing email so it looks more realistic” or even more tempting, to see if most people can still resist it.

Marty Levine is a staff writer for the University Times. Reach him at martyl@pitt.edu or 412-758-4859.

 
