Although it couldn’t manage to outscore Gonzaga in the NCAA March Madness Tournament, Ohio State looked to up its cybersecurity awareness game by phishing students.
The university’s IT Risk management office started a campaign to educate students on the threats phishing emails pose by sending out fake university- produced emails from phony and at times humorous emails addresses to see how students responded to the emails, according to the student newspaper.
The emails contained subject lines ranging from student-employee information updates to changes in financial aid coverage that could potentially fool even vigilant students with the goal of showing how attackers think, school officials said.
“For the individual student, your identity is so critical,” said Gary Clark, Ohio State’s information risk management director. “It’s really the loss of identity is what’s driving us to educate our students.
Its unclear the exact number of emails that were clicked, but a security analyst lead in the school’s IT risk management office told the publication, almost 19 percent of the school’s 66,000 plus students took the bait.