One way that a criminal may attempt to obtain protected information that is critical to the security of the University is through a phishing attack. Whether or not the criminal is successful in their endeavor is often contingent upon establishing trust with their victim. In some cases however, it could simply be the criminal trying their luck! The hard truth is that UBC is constantly being phished and your institution is too! Believe it or not, criminals typically use a customer relationship management tool to track the response rates and engagement statistics of their phishing campaigns so they can further target individuals who have already responded to a phish. To help employees better understand how they can quickly spot some of the most common types of phishing and avoid falling victim to their attacks, the UBC Cybersecurity team has established a Self-Phishing training program based on GoPhish. This means that, after first warning units that an ‘attack’ is imminent, we send our own phishing messages (crafted to look just like the criminals) to UBC employees! Join our session to learn more about why UBC chose to adopt a Self Phishing program and how the program has helped to protect faculty and staff against phishing attacks!
Matthew EllisManager, Cybersecurity Incident Response | University of British Columbia
Matthew Ellis is the Manager of the Incident Response team at the University of British Columbia (UBC) involved in mitigation, response, threat intelligence, and user community training to protect against cybersecurity threats. Matthew has over 20 years experience in education IT, with almost 15 of those at UBC.