Skip Navigation

Simulated Phishing Update

Simulated Phishing Updates

May 13, 2024

**The following is from an email sent to OU faculty and staff May 6, 2024**

As many of you know, the quantity and sophistication of simulated phishing emails has noticeably increased over the past three months. Much of this can be attributed to new capabilities in our security awareness training platform, KnowBe4. OU IT enabled these functions in an effort to better prepare us all to deal with real cybercrime, of which the complexity and consequence is growing at an alarming rate. 

We’ve heard from many of you about how frustrating these emails can be. OU IT will be making some immediate changes to the simulated phishing program that we hope will come as welcome news. 

The University of Oklahoma is truly grateful for your efforts to keep our university safe and aware. 

Changes to Simulated Phishing Messages

We will be temporarily suspending the use of some KnowBe4 capabilities while we refine our configuration. You will continue to receive standard simulated phishing emails, but the following changes to functionality and frequency have been made:

  • Name-spoofing (emails from supervisors, etc.) has been disabled.
  • One simulated phishing email per month for most employees. New employees and those with recent phishing failures may receive additional messages.

The Most Frequently Clicked Simulated Phishing Email Subjects at OU:

  1. “Credit Union Settlement Agreement”
  2. “Vacation Policy Update”
  3. “Possible typo”

Phishing Threats to OU are Real

Correctly identifying and reporting phishing emails helps OU refine our defenses. Thank you for your continued effort in using the Phish Alert Button in Outlook to report phishing attempts, both real and simulated.

  • 85% of data breaches in Oklahoma are traced back to an email compromise (OK FBI Summit, 2023)
  • OU IT blocks 44,000 malicious emails per hour (yes, per hour)
  • Examples of real threats encountered at OU so far this year include:
    • Scammers impersonating deans and directors
    • Fraudulent job offers to students requesting financial information
    • Phishing that references real-time OU events to request login information
    • Emails to the personal email addresses of faculty that appear to come from university leaders
  • The education industry has become a high-value target due to the amount of sensitive data and the unique environment specific to academia (Microsoft, 2024)
Graph showing how different industries are effected by malware and cybercrime.

Cybersecurity Training and Awareness

We've introduced optional KnowBe4 training to keep you ahead of the curve. Stay sharp against evolving threats like smishing (SMS phishing) and vishing (voice phishing). Remember, the Phish Alert Button in Outlook is your first line of defense. If an email seems off, report it. It's quick, it helps everyone, and it keeps us secure.

Visit https://ou.edu/ouit/cybersecurity to learn more about protecting your device, your identity, and university data.

June 11, 2024

D2L Ends June 14th, 2024

On June 14th OU HSC will do the final transition to Canvas from Brightspace by D2L by ending access.

Read more Read article: D2L Ends June 14th, 2024
A woman speaking in front of a sign that says 'Bon Voyage D2L!' Read article: D2L Ends June 14th, 2024
May 20, 2024

OU IT Presents at 2024 CoIT Conference

OU IT staff presented at the Annual CoIT 2024 Higher Education IT Summit this past week.

Read more Read article: OU IT Presents at 2024 CoIT Conference
Three OU IT staff present at the 2024 CoIT conference. Read article: OU IT Presents at 2024 CoIT Conference
May 13, 2024

Simulated Phishing Updates

Update about the recent change in the quantity and sophistication of simulated phishing emails.

Read more Read article: Simulated Phishing Updates
Read article: Simulated Phishing Updates
OU Information Technology
660 Parrington Oval, Room 321
Norman, OK 73019
Phone: 405.325.4357
Updated 5/17/2024 by OU Information Technology: ouit@ou.edu