VWCC PhishTrain Summary Report

Information security is a daily concern in today’s work environment.  Bad actors/hackers are continually attempting to access sensitive data and systems by impersonating “real employees” within an organization.   Some of you may have received emails asking you to contact a senior staff member or purchase gift cards, and some VCCS agencies have seen emails requesting unauthorized changes to payroll direct deposit accounts.

On September 12th, the Information Security Shared Services (ISSS) team (Natalie Talbott & Brenda Bowling) launched the first of what will become on-going Phishing Campaigns.  The use of phishing emails to infiltrate networks and steal sensitive data is increasing at an alarming rate. The goal of our internal campaigns is to educate employees at all levels on basic ways to identify phishing emails and raise awareness of cyber-attacks.

How the Campaign was Conducted

An email was sent from a false account (rsandel@vwcc.edu) using a sender name Bobbie Sandle.  The message indicated Dr. Sandel needed your assistance and to click here.  There were several red flags in the email to include the misspelling of the sender’s name, the incorrect email address, and the contents of the message made no sense.

Expected Results

  • Some users would view this message as suspicious and not click the link because of the false account, and report it to the Help Desk as phishing.
  • Some users would trust the sender’s name and click.
  • Some users on mobile devices where often the from email address cannot be viewed would click without checking for suspicious information.
  • Some users would click because it looked like there was more to read.
Kudos to all who questioned the legitimacy of the email or reported it as phishing by the method above.
  • The phish email was sent to 599 users.  Note that some of you may have never seen it as our Junk Mail filter may have already caught it.
  • Quite a lot of users called or emailed the Help Desk asking for guidance and/or reporting the emails as phishing attempts.
  • 7 users clicked on the link.
  • 6 users clicked from the desktop.
  • 1 users clicked from an android mobile device.

Guidelines for Handling Suspicious Email

  • If you receive a junk or phishing email in your Inbox, you should contact the VWCC Help Desk for verification before clicking.
  • Check the address – is it familiar to you?
  • Check the sender (From).  Do you know that person?
  • Check the content – does it make sense to you? Does it sound like something the person would write?
  • Check the grammar in the email for obvious mistakes and misspellings.
  • Hover over the link BEFORE you click – is it real?
  • If in doubt – DON’T (click, enter credentials, etc.)
  • Check the emails you send to make sure they don’t LOOK like spam.

While cyber threats and phishing attempts are becoming more sophisticated over time, please keep in mind that 95% of all cyber breaches involve human error. Thus, not clicking on various email links and deleting these emails or reporting them, as Phishing, immediately will go a long way in keeping the VCCS’s data safe from these types of threats!

If you have any questions, please contact Natalie (ntalbott@vccs.edu), Brenda (bbowling@vccs.edu) or Shivaji Samanta (ssamanta@virginiawestern.edu)!

ID Badges

All employees of VWCC are required to have a VWCC ID badge in their possession and must present it upon request of Campus Police, faculty, or staff. This ID badge is important for you to have as you conduct college business, such as traveling and purchasing.

New employees must have their ID badge issued within 30 days of beginning employment.

Once you have been given a completed ID Badge Form by your school office/department, please make an appointment with the Student Activities Office (540-857-6326) in the Student Life Center to have your photo taken and your badge issued. Adjunct faculty are provided semester stickers to place on their badge which indicate that the badge is current for the semester.

If your badge breaks, take the broken parts to the Student Life Center for a free replacement.

If you lose your badge, the Student Life Center will replace it for a $5.00 fee.

VW Mass Notification System

Get alerted about specific college events, emergencies and other important community news by signing up for the VW Mass Notification System. This system enables Virginia Western to provide you with critical information quickly in a variety of situations, such as campus events, registration and financial aid deadlines, severe weather, unexpected road closures, missing persons and evacuations of buildings or neighborhoods.

You will receive time-sensitive messages wherever you specify, such as your home, mobile or business phones, email address, text messages and more. You pick where, you pick how.

Click here to sign up or edit your preferences.

Please contact the Help Desk at helpdesk@virginiawestern.edu or 540-857-7354 if you have any questions/concerns.

Click here for the Inclement Weather policy and Delayed Class Schedule.

NOTE: If all you need is text alerts for school closings and emergencies, you can also sign up to our separate text gateway by texting VWCC to 888777 from your mobile device .

ISO27000 Standard

Virginia Western is one of 23 community colleges in the Commonwealth of Virginia and all information technology policies and guidelines are derived from the ISO27000 Standard.

To review all VWCC’s information technology policies and guidelines, visit IET’s site on VWConnect (on-campus or virtual desktop only).