From ITPro: The University of California Santa Cruz (UCSC) has come under fire after it conducted phishing training using a fake Ebola virus track and trace alert. Security experts have criticized the test after it caused panic on campus, forcing senior leaders at the university to come out and publicly acknowledge its error of judgment.
On 18 August 2024, UCSC’s IT department sent out a test email intended to teach students, faculty members, and other operation staff about the dangers of phishing attacks. The email warned that a member of UCSC’s staff, who had recently returned from a trip to South Africa, had contracted the Ebola virus. The message claimed to be part of the organization’s contact tracing system, looking to identify and inform those who may have been in close contact with the affected staff member. It also contained links to a fake webpage purported to have been set up to support individuals affected by the ‘outbreak’, including the necessary steps to take if they were exposed.
The message was allegedly based on a real phishing email caught by the IT department some weeks earlier, according to the webpage dedicated to providing an up-to-date list of the latest phishing attacks targeting community members. Chaos ensued with many people taking to social media in an effort to confirm if the warning was legitimate or not...
Full story at https://www.itpro.com/security/how-not-to-conduct-cyber-awareness-training-ucsc-slammed-for-tone-deaf-ebola-phishing-tests.
No comments:
Post a Comment