In October, we learned how not to “fall” for phishing

Cybersecurity Awareness Month: Don't Fall for Phishing

Last month, Technology Services was a presence all over campus at events that demonstrated how to avoid phishing and the real-world consequences of getting hooked.

October is Cybersecurity Awareness Month and Technology Services reaches out to the wider university annually with activities that grab your attention and impart a message. This year included games, rewards, and chances to exercise both creativity and teamwork.

“As tactics get more sophisticated and we are bombarded with more and more messages, it’s important to understand how cybercriminals use trusted technologies and our own emotions against us to gain access to data, passwords, and credentials,” explained Lead Cybersecurity Training Specialist Isaac Galvan.

Phish Market – keeping you off the hook

Aimed at students, the Phish Market featured games like you’d experience at a community fair. Participants answered questions about phishing and played for prizes.

Galvan estimated that more than 100 students came through the Digital Computer Lab on October 4 and tried their hand at Phish Phootball, spun the Wheel of Phish, took selfies with costumed staff, and played other carnival games.

Students nowadays are digital natives and might think they have the upper hand when it comes to technology, that they can’t get tricked. But phishing is more than the delivery method, according to Galvan. “Whether it’s sent in email or via text, a lot of what makes for successful phishing is the bad actor getting you to bypass red flags or succumb to emotional pressures. Reminding students to slow down and think before acting in our fast-paced environment is part of what we shared at this event,” he explained.

Haiku Contest – cybersecurity in just 17 syllables

Anyone at the university was encouraged to submit either original or AI-generated haiku poetry with a phishing or cybersecurity theme.

“The judging panel had a great time reading through more than 70 submissions and it was hard to select favorites to showcase to the campus community,” said Cybersecurity Training Specialist Sandy Bone.

“One of the best parts about the contest was that the haikus demonstrated creativity and quite a lot of cybersecurity knowledge in very few words. Haiku only allows for 17 syllables,” she added.

See this year’s spotlighted haikus at 2023 Haiku Contest

Cybersecurity Escape Rooms – teamwork defeats cybercriminals

Technology Services provides cybersecurity for both the UIS and UIUC campuses, and there were facilitated in-person escape rooms at both locations. Teams of 4-5 worked their way through a packet of clues and used deductive skills to “save the barnyard.”

“This is another very engaging learning tool in our toolkit. We’ve adapted it from Indiana University’s original version, and it’s been well received each time. When a small group can successfully complete this challenge, it helps people to know they have the knowledge needed to spot and avoid phishing when it comes their way in real life,” Galvan explained.

Haunted Phish Market – a second chance at phishing fun

Taking advantage of the tradition of handing out candy on Halloween, staff set up at the Campus Instructional Facility on October 30 to reprise the Phish Market; this time adding candy giveaways to the prizes as a bonus for participation.

“We engaged with more than 300 people that day and it was a fantastic way to wrap up the month,” said Bone.

The learning continues year-round

Technology Services’ charge includes increasing the number of individuals at the University who regularly receive cybersecurity training. This type of outreach expands upon what the team does with scheduled in-person and online trainings.

Good cybersecurity practice is a two-sided coin, according to Galvan. “The University uses the best tools and has a team of professionals protecting our systems and data. And there are thousands of employees and students who can help increase that protection by putting what they learn in all our training venues into action,” he said.

Visit the Cybersecurity Training & Awareness web page to learn more.