Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Phishing

OHSU Apologizes After Phishing Test Draws Complaints

Officials at Oregon Health & Science University have apologized to employees after a fake phishing test drew complaints about raising false hopes.

Officials at Oregon Health & Science University have apologized to employees after a fake phishing test drew complaints about raising false hopes.

The university sent the phishing test email to employees on April 12 offering up to $7,500 in financial assistance, Portland television station KGW8 reported Thursday.

The email, from a “benefit(@)ohsu.edu” address, read in part: “In response to the current community hardship caused by the COVID-19 pandemic, Oregon Health & Science University has decided to assist all employees in getting through these difficult times.” It included a link where respondents could “register” for COVID-related benefits.

[ Read: Research: Simulated Phishing Tests Make Organizations Less Secure ]

But the offer was not real — it was a test intended to measure employees’ cybersecurity awareness and OHSU’s own technology systems. The test was sent several days after the university sent a message to employees warning them about suspicious emails.

The phishing test was met with frustration from some employees.

In a prepared statement, OHSU apologized and said the university didn’t fully consider the harm the phishing test could cause.

“This week, as part of OHSU’s regular exercises to help members practice spotting suspicious e-mails, the language in the test e-mail was taken verbatim from an actual phishing e-mail to ensure no one else fell for the scam. That was a mistake,” the OHSU statement said. “The real scam was insensitive and exploitive of OHSU members — and the attempt to educate members felt the same way, causing confusion and concern.”

Advertisement. Scroll to continue reading.

Related: Security Awareness Training Debate: Does it Make a Difference?

Related: Report: Security Awareness Training Top Priority for CISOs

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Phishing

The easiest way for a cyber-attacker to gain access to sensitive data is by compromising an end user’s identity and credentials. Things get even...

Fraud & Identity Theft

Famed hacker Kevin Mitnick has died after a battle with pancreatic cancer.  At the time of his death, he was Chief Hacking Officer at...

Cybercrime

Enterprise users have been warned that cybercriminals may be trying to phish their credentials by luring them with fake emails that appear to be...

Phishing

The Single Most Important Part of Dealing with a Phishing Attack is Preparing for the Attack Before it Actually Happens.

Application Security

Microsoft on Tuesday pushed a major Windows update to address a security feature bypass already exploited in global ransomware attacks.The operating system update, released...

Cybercrime

A threat actor tracked as ‘Scattered Spider’ is targeting telecommunications and business process outsourcing (BPO) companies in an effort to gain access to mobile...

Nation-State

The North Korean APT tracked as TA444 is either moonlighting from its previous primary purpose, expanding its attack repertoire, or is being impersonated by...