Jump to main content

COVID-19: News and Campus Updates

Information Security

Information Security's mission is to defend the institution's data, systems, infrastructure, and users from cybersecurity threats.

News/Notifications

KnowBe4: New Phishing Awareness Prevention and Training Tool

We will be activating the KnowBe4 Phish Alert Report button and are removing the Microsoft Report Message button. This is in anticipation of implementing our KnowBe4 phishing awareness campaign that will start in the fall.

The new and the old button are shown below.

Image of the old and new reporting buttons

The new phish alert option is being activated along with our KnowBe4 Phishing and Cyber and Information Security training resources provided by KnowBe4. When you get an email... you have a few options... if it is Phishy / Spammy / Fraudy / Scammy. Report it via the Phish Alert Report, just like we hope you were doing with the old Microsoft Report Message button.

Why the change? KnowBe4 has Phish/Scam training, where we use their Phish catalog to send you an email to “test” your ability to catch and report the message.

During Fall Semester we will start sending a Phish Training email out to Faculty and Staff. When you get one of the test messages, simply report it via the Phish Alert Report button.

Following is a phish test example:

Image of a phishing email

I reported it because I recognized 1. The sender was not legitimate (LinkedIn@unco.edu > LinkedIn via ipservices.org), 2. The (i) message that the identity of the sender could not be verified,3. LinkedIn does not reach out saying someone is a friend. 4. No connections suggestions are sent from LinkedIn without their name, 5. the [Accept] View invitation from “Someone” and 6. I know LinkedIn isn’t a search engine that has answers to most difficult questions.

Since I reported the message via the Phish Alert button and didn’t fall for it (Yes, I knew the message was coming), I received a “Kudo's Nice Job” for not falling for the scam.

If I would have clicked reply or the [Accept] / view invitation links… I would have been warned that this was a phish training scam, and then given options for training from KnowBe4 to help me understand why.

The Intent of the KnowBe4 Phishing and Training is not to punish but rather to make sure you have as many oportunities as possible to see the tricks that attackers are using before you, the UNC community, or your family and friends encounter them from actual attackers. 

If the email you report to the "Phish Alert Button" was not a KnowBe4 Campaign it will still be passed onto Microsoft's "Junk Mail Process" for Reporting Messages With these reported messages, we can use the KnowBe4 PhishER and Phish Machine Learning to defang phishing emails and flip them into training opportunities. By flipping them into simulated phishing campaigns also known as PhishFlip!

Phish flip image

If you have any questions please contact us at it.security@unco.edu 

Thank you!