"Catch The Phish" : Play to improve your malicious email detection skills



This inaugural "Catch the Phish" competition is intended to emphasize the importance of being effective in recognizing the threat of malicious emails. Not only at work, but also in our personal lives. The statistics are clear: over 90% of all data breaches start with a successful phishing email.

The use of simulated malicious emails has become common practice in many organizations. Giving it a competitive component is adding a fun and motivating element to the learning experience. When we all improve our phish catching skills we can keep the College more #CyberSecure.

Everybody is invited to participate on a voluntary basis.

This is what you need to know about this competition:

  • The simulated phishing emails are harmless. If you accidentally click on a link or respond your account will not be compromised. 
  • ITS has no intention to trick you. We learn from our mistakes. Some phishing emails look very realistic and some of our real email look alot like phishing emails. If you do click on a link you will get to a web page informing you that you responded to a simulated phishing email
  • This competition lasts for 4 weeks from the day everyone a test phishing email. This email will invite you to identify yourself as a participant by reporting it via Outlook PhishHook
  • You will receive multiple simulated phishing emails at random days and times. Not everybody will receive the same simulated phishing email and not at the same time.
  • ITS will publish weekly intermediate results. You will find out how you and your department are doing relative to others.
  • In week 5 ITS will publish the finals results. We will announce the Top 5 of highest scoring employees and departments.
  • Every simulated phishing email is given a difficulty level and score:
    • Easy      = 2 points,
    • Medium = 2 points,
    • Hard      = 3 points AND
    • 1 bonus point if you can correctly identify the indicators that make it a suspicious email (only applicable for difficulty Medium and Hard
  • Use the Outlook PhishHook Add-In to submit the simulated phishing email and use the reporting window to identify the indicators


Interested in testing your Phishing Skills? Just Opt In!

Click on the following email link, send the email and we will include you:  Joining the "Catch The Phish" Competition




Article ID: 88595
Mon 10/7/19 1:46 PM
Thu 10/17/19 10:23 PM

Related Articles (1)

The Outlook PhishHook Add-In is available to every RIC Office 365 user to easily report a suspicious email. Reporting these emails assist Information Technology Services (ITS) in protecting others from becoming a victim of a phishing attack.