Phishing Awareness Campaign

We would like to inform you about the IT security measure "Phishing Detection Training". This training aims to reduce the threat of cyber attacks on our university.

Why phishing detection training?

Phishing is a fraudulent attempt to obtain (your) access data in order to use it for criminal activities. Most phishing attacks are carried out via fake e-mails to trick users into revealing their confidential information. Every week, tens of thousands of malicious e-mails are sent to the EUF, among others. The majority of these e-mails are detected by the EUF's security systems and automatically intercepted. However, since it is not always technically possible to reliably identify malicious content, some phishing e-mails may still reach their target.

Counteract with the phishing simulation from Hornetsecurity

The interactive phishing simulation from Hornetsecurity helps you, in a simple way, to recognize the characteristics of a malicious email better and faster.

In coordination with the ZIMT advisory board and the chancellor, and following the announcement in the senate, the interactive phishing awareness training for all EUF employees will start on August 5, 2024.

During the training, everyone will occasionally receive simulated phishing e-mails at random. These simulated phishing e-mails behave like real phishing e-mails, except that there is no danger to employees' data and devices at any time. Interaction with the simulated phishing e-mail leads to redirection to training content.

More Information

  1. Information on the phishing awareness training (including your personal training access) can be found on this website in the "Step-by-step guide" section.
  2. The training is completely anonymous. No data from individual persons is evaluated. This measure is for training purposes only. The knowledge acquired is also very valuable for private use.
  3. This training is licensed until March 2025.
  4. Important information on the topic of email security


Step-by-step instructions: interactive phishing simulation & training sessions

Step 1:

Log in to Hornetsecurity with your EUF e-mail address: https://cp.hornetsecurity.com/login (Image 1)

Step 2:

The login is done via the Shibboleth interface (Image 2). Shibboleth is offered as a login option so that you do not have to create new access data. Instead, you can simply use your university access data to log in to the website via a secure university server.

  • Enter your DOZ/VER identification and personal password

Step 3:

After successfully logging in, you will be redirected to the Hornetsecurity "Control Panel" (Image 3). There you will find the training units and the results from the interactive test phishing emails, in three categories: E-Training, Phishing Simulation and Achievements.

Step 4: E-Training

Initially, a small number of e-training sessions on the topic of phishing are available. These are usually 5- to 8-minute videos with interactive questions (Image 4). You can start the training sessions by left-clicking on a training unit. You can repeat the units as often as you like. The training sessions include sound, so connect either speakers or headphones to your computer before you begin.

Over time, new training sessions will be made available to you. This way you can continuously expand your knowledge. Check the E-Training section about every four weeks and see if new units are available. From time to time, Hornetsecurity will also inform you about new training units by email.

Step 5: Achievements

A certificate of the training completed to date can be downloaded at any time from the Achievements section.

Step 6: Phishing Simulation

The phishing simulation is the centerpiece of the phishing awareness campaign.

You may wonder how to distinguish a Hornetsecurity phishing email from a real, malicious phishing email.

  • As a basic rule: recognize a phishing attempt and delete the email immediately!

You never know whether an email really wants to harm you or whether it comes from a phishing simulation. In Image 6, you can see an example of a phishing email from Hornetsecurity that may appear in your EUF Outlook account.

If you fall for a Hornetsecurity phishing email, your score in the phishing simulation will decrease. If you click on a link in a Hornetsecurity phishing email, you will be redirected to a "That was close" page, as shown in Image 7. If you select the "View now" button on the "That was close" page, you will be shown step by step which warning signals you overlooked based on the email you fell for.

Overview of the Phishing Analysis

If you are unsure whether an email is real phishing or comes from the Hornetsecurity simulation, proceed as follows:

  • Do not click on anything in the email identified as phishing.
  • Log in to Hornetsecurity as shown in steps 1 to 3.
  • Select the category "Phishing Simulation".

In the Phishing Simulation category, you will see a detailed evaluation of all phishing emails sent to you by Hornetsecurity as part of the training (Image 8). You can find out what manipulative tricks were used in each individual email.

In the history (Image 9) you will find all the simulation emails sent to you. This way you can check whether the email identified as phishing came from the simulation or not. If you click on one of the emails in the history, you will be redirected to the "That was close" page. This way it won't affect your score in the phishing simulation.

Check suspicious Mail for Phishing Simulation

Difficulty level of the simulation

At the beginning of the training, you will easily recognize the phishing e-mails with the knowledge gained from the e-training. Over time, it will become more complicated to distinguish phishing e-mails from normal e-mails. The phishing e-mails are not sent at a fixed time or at fixed intervals. As with real phishing attempts, the rule is: "Be on your guard at all times".

Your point of contact for questions about phishing detection training