Phishing Awareness Campaign
We would like to inform you about the IT security measure "Phishing Detection Training." This training aims to reduce the threat of cyberattacks at our university.
Why phishing detection training?
Phishing is a fraudulent attempt to obtain (your) access data in order to use it for criminal activities. Most phishing attacks are carried out via fake emails that trick users into revealing their confidential information. Every week, tens of thousands of malicious emails are sent to EUF and other places. The majority of these emails are detected by EUF's security systems and automatically intercepted. However, since it is not always technically possible to reliably identify malicious content, some phishing emails may still reach their target.
The interactive phishing simulation from Hornetsecurity makes it easy to learn to recognize the characteristics of a malicious email better and faster.
In coordination with the ZIMT Advisory Board and the Chancellor, and following the announcement in the Senate, the interactive phishing awareness training for all EUF employees will start on August 5, 2024.
During the training, everyone will occasionally receive simulated phishing emails at random. These simulated phishing emails behave like real phishing emails, except that there is no danger to employees' data and devices at any time. Interaction with the simulated phishing email leads to redirection to training content.
More Information
- Information about the phishing awareness training (including your personal training access) can be found in the "Step-by-step guide" section of this website.
- The training is completely anonymous. No data from individual persons is evaluated. This measure is for training purposes only. The knowledge acquired is also very valuable for private use.
- The training license is valid until March 2025.
- Important information on the topic of email security
Jump to the interactive Phishing simulation from Hornetsecurity
Log in to Hornetsecurity
Watch a short video on how to sign up for Hornetsecurity.
Hornetsecurity Control Panel
The video gives you an overview of the various learning and information areas of Hornetsecurity.
Step 1:
Log in to Hornetsecurity with your EUF email address: https://cp.hornetsecurity.com/login (Image 1)
Step 2:
The login is done via the Shibboleth interface (Image 2). The reason for this is to save you from having to create new access data. Instead, you can simply use your university access data to log into the website via a secure university server.
- Enter your DOZ/VER identification and your personal password
Step 3:
After successfully logging in, you will be redirected to the Hornetsecurity "Control Panel" (Image 3). You will then have access to the training units and results from the interactive test phishing emails in three categories: e-training, phishing simulation, and achievements.
Step 4: E-Training
Initially, you can access only a few e-training sessions about phishing. These are usually 5- to 8-minute videos with interactive questions (Image 4). To start a training session, left-click on a training unit. You can repeat the units as often as you like. As training sessions include audio, be sure to connect speakers or headphones to your computer before you start.
New training sessions will be made available to you over time. This allows you to continuously expand your knowledge. Check the E-Training section about every four weeks and see if any new units are available. From time to time, Hornetsecurity will also inform you via email about new training units.
Step 5: Achievements
You can download a certificate of your completed training at any time from the Achievements section.
Step 6: Phishing Simulation
The phishing simulation is the centerpiece of the phishing awareness campaign.
You may wonder how to distinguish a Hornetsecurity phishing email from a real, malicious phishing email.
- The basic rule is: recognize a phishing attempt, and then immediately delete the email!
You never know whether an email is genuinely malicious or whether it comes from a phishing simulation. In Image 6, you can see an example of a phishing email from Hornetsecurity that may appear in your EUF Outlook account.
If you fall for a Hornetsecurity phishing email, your score in the phishing simulation will decrease. If you click on a link in a Hornetsecurity phishing email, you will be redirected to a "That was close" page, as shown in Image 7. If you select the "View now" button on the "That was close" page, you will be shown step by step which warning signals you overlooked in the email you fell for.
Overview of Phishing Analysis
If you are unsure whether an email is real phishing or comes from the Hornetsecurity simulation, proceed as follows:
- Do not click on anything in the email identified as phishing.
- Log into Hornetsecurity as shown in steps 1 to 3.
- Select the category "Phishing Simulation".
In the Phishing Simulation category, you will see a detailed evaluation of all phishing emails sent to you by Hornetsecurity as part of the training (Image 8). You can find out what manipulative tricks were used in each individual email.
The history section (Image 9) shows all the simulation emails sent to you. This way, you can check whether the email identified as phishing came from the simulation or not. If you click on one of the emails shown here, you will be redirected to the "That was close" page. Clicking an email here won't affect your score in the phishing simulation.
Check suspicious email in the Phishing Simulation
Difficulty level of the simulation
At the start of the training, you'll easily recognize the phishing emails thanks to the knowledge you acquired during e-training. Over time, however, it will become more difficult to distinguish phishing emails from normal emails. The phishing emails are not sent at a fixed time or at fixed intervals. As with real phishing attempts, the rule is: "Be on your guard at all times."