Internal Phishing Program

BGSU Information Technology Services (ITS) has initiated an internal phishing program to help raise awareness of email phishing and its consequences, and to educate the BGSU community on how to avoid falling victim to attacks. Details about the program are outlined below.

• Phishing test messages will simulate real-world phishing attempts, starting with easily identifiable phishing scenarios and progressing to more advanced scenarios as employees improve their response. 

• Employees who receive suspicious emails should forward them to abuse@bgsu.edu, regardless of if they think it is part of the test or not.

• Employees who fall for a phishing attempt will be redirected to an educational webpage comprised of phishing information and training opportunities, including the identification of specific elements within the message that would help to distinguish it as fraudulent.

• Testing results will remain anonymous with only aggregate statistics being shared with ITS management.*  

• Notification will be sent to employees prior to the sending of any test messages to keep them fully informed.
  

*ITS will report users who have been phished by 3 or more test messages to supervisors for assistance with additional training

These internal phishing messages are learning opportunities and employees will not be punished for falling victim to a test attack.

However, employees are strongly encouraged to treat all suspicious emails as potentially dangerous. While these simulated messages are not malicious, real phishing attacks pose a great threat to the university community. Help us to identify suspicious emails by forwarding them to abuse@bgsu.edu.

Please continue to reference this page for important information, updates and tips.