Skip Navigation

Simulated Phishing Update

Simulated Phishing Updates

May 13, 2024

**The following is from an email sent to OU faculty and staff May 6, 2024**

As many of you know, the quantity and sophistication of simulated phishing emails has noticeably increased over the past three months. Much of this can be attributed to new capabilities in our security awareness training platform, KnowBe4. OU IT enabled these functions in an effort to better prepare us all to deal with real cybercrime, of which the complexity and consequence is growing at an alarming rate. 

We’ve heard from many of you about how frustrating these emails can be. OU IT will be making some immediate changes to the simulated phishing program that we hope will come as welcome news. 

The University of Oklahoma is truly grateful for your efforts to keep our university safe and aware. 

Changes to Simulated Phishing Messages

We will be temporarily suspending the use of some KnowBe4 capabilities while we refine our configuration. You will continue to receive standard simulated phishing emails, but the following changes to functionality and frequency have been made:

  • Name-spoofing (emails from supervisors, etc.) has been disabled.
  • One simulated phishing email per month for most employees. New employees and those with recent phishing failures may receive additional messages.

The Most Frequently Clicked Simulated Phishing Email Subjects at OU:

  1. “Credit Union Settlement Agreement”
  2. “Vacation Policy Update”
  3. “Possible typo”

Phishing Threats to OU are Real

Correctly identifying and reporting phishing emails helps OU refine our defenses. Thank you for your continued effort in using the Phish Alert Button in Outlook to report phishing attempts, both real and simulated.

  • 85% of data breaches in Oklahoma are traced back to an email compromise (OK FBI Summit, 2023)
  • OU IT blocks 44,000 malicious emails per hour (yes, per hour)
  • Examples of real threats encountered at OU so far this year include:
    • Scammers impersonating deans and directors
    • Fraudulent job offers to students requesting financial information
    • Phishing that references real-time OU events to request login information
    • Emails to the personal email addresses of faculty that appear to come from university leaders
  • The education industry has become a high-value target due to the amount of sensitive data and the unique environment specific to academia (Microsoft, 2024)
Graph showing how different industries are effected by malware and cybercrime.

Cybersecurity Training and Awareness

We've introduced optional KnowBe4 training to keep you ahead of the curve. Stay sharp against evolving threats like smishing (SMS phishing) and vishing (voice phishing). Remember, the Phish Alert Button in Outlook is your first line of defense. If an email seems off, report it. It's quick, it helps everyone, and it keeps us secure.

Visit https://ou.edu/ouit/cybersecurity to learn more about protecting your device, your identity, and university data.

A red line from OU Branding
October 24, 2024

Cybersecurity Awareness Month

October is Cybersecurity Awareness Month! All faculty, staff, and students are welcome to participate.


October 07, 2024

OU IT Welcomes New CIO

On September 30th, 2024, OU IT welcomed its new Chief Information Officer, Nishanth Rodrigues.


October 01, 2024

Faculty Technology Survey

How do you use technology in your teaching, learning, and research? The OU Teaching and Learning Technologies Advisory Committee wants to hear from you.