As you know, October was National Cyber Security Awareness Month, a time to spotlight best practices for staying safe online. This year, during the month of October, we focused on understanding and combating phishing attacks—a leading cause of data breaches and cyber incidents worldwide. Whether you’re working from the office, home, or on the go, staying vigilant against phishing is everyone’s responsibility.

What Is Phishing?

Phishing is a cybercrime where attackers impersonate legitimate organizations via email, text, or other forms of communication to steal sensitive information like passwords, credit card numbers, or company data. Phishing emails often appear urgent, contain suspicious links or attachments, and may request personal or business details.

October’s Phishing Campaign: What you Saw

As part of our ongoing training and awareness initiatives, we conducted a series of simulated phishing emails. Here’s what you saw:

  • Simulated Phishing Emails: You all received a wide range of emails that mimic real phishing attempts. These are safe and designed to help you recognize suspicious patterns.
    • We cultivated a range of difficulty for this month’s campaign to try to ensure you are aware of all the different tactics that bad actors will employ to gain access and your trust. Thank you for your participation – whether you clicked a link or reported the Phish.
    • The data we’ve received during the campaign (how many folks reported, what tripped people up, etc.) allows us to understand how we can better serve you and figure out better mechanisms to protect you -  our customers.
  • How we did: We’ll be able to share our ‘by the numbers’ slide during the December Open Forum/Holiday party – because what says Holiday better than Phishing Campaign.
  • Remember – There are NO penalties for falling for a simulation, just learning opportunities!
     

How to Spot a Phishing Email

  • Check for spelling and grammar mistakes or unusual requests.
  • Be wary of urgent or threatening language, like “Your account will be closed!”
  • Hover over links to see the actual web address before clicking.
  • Never provide personal or company information via email unless you’re sure of the sender’s identity.
  • Verify suspicious requests by contacting the sender through a trusted channel. Verify THEN Trust!!

What Should You Do If You Suspect Phishing?

  1. Do not reply to the message or click any links.
  2. Report the email using the Report Phish button located in your top Outlook Menu Bar, and then delete the suspicious message from your inbox.

 

Let’s Be Cyber Smart Together!

Every UMPO employee plays a vital role in protecting our organization from cyber threats. Thank you for your participation in Cyber Security Awareness Month and for staying alert during our phishing awareness campaign. If you have questions or need support, reach out to our IT team at any time.

Stay safe and remember: Verify THEN Trust!

From your friendly InfoSec team,

Brad Smith, Chief Information Security Officer (CISO), was spotted walking around 50 Washington, congratulating everyone who completed the security awareness training and reported the suspicious email with candy!