Good day everyone,

A little over a week ago you may have received a message in your inbox that looked something like this example below:

This email was generated by an online Phishing Testing organization to test the effectiveness of user’s awareness of potential phishing schemes. As an organization we scored extremely well on our first test.

Let’s have a look at the key Red Flags to note in this email.

1. Who it came from: From: IT <IT@westviewcoop.ca> (IT via psm.knowbe4.com) Note the email address although looking like an @westviewcoop.ca email address, it was sent from outside our organization. Brackets indicate it came from psm.knowbe4.com, our email service flagged the subject line with [EXT] and prepended the message with a highlighted caution note stating the email was from outside our organization and to use extra caution

2. The sense of urgency driven by the sender to incite panic with the recipient to act immediately or else. This is depicted in the subject line using words like Urgent and Mandatory and again in the message body with verbiage like mandatory and immediately.

3. Mousing over the link in the email (removed from the example above) shows the link to direct the recipient to some site called service.my-cloud-mail.com not an actual Microsoft website.

What should you as an end user do when encountering an email like this?

• At best, forwarding the message to me and then deleting the message and removing the message again from your Deleted Items. By forwarding me the message I can then take the necessary steps to send out an email alert to other users to be mindful of a phishing attempt and I can post the notice on our Westview Co-op Help Desk.

• At the very least users should reach out to me either by phone, text or email asking if the email is legitimate.

• If in doubt, Delete the message immediately and delete the message again from your Deleted Items.

What should you as an end user NOT do when encountering an email like this?

DO NOT CLICK any links or open any attachments. Password resets are never just sent out to users to force them to immediately change their passwords.

Globally the industry average of users that fall victim to this type of phishing attempt is 30%, that’s 3 in 10 people would normally click that link. After training and an active awareness education process that industry number drops to 3.6% of users fall victim to this phishing attempt.

So how did we do?

I sent out nearly 100 emails to our users with a click through rate of 3%. Westview Co-op did an exceptional job in exercising caution when confronted with this type of email scam. Over and above this score nearly 30% of users reached out to me directly to verify the legitimacy of the email and or to let me know that there was a scam email going around.

Well done everyone!

Remember the number one risk to our Company’s Data Security is the human error factor. This human error factor is also the one thing that an antivirus or antimalware software can not protect us from. Education and awareness are our number one defense mechanisms to ensure a safe computing environment.

Regards,

Don Guilbeault

Technical Support Coordinator

Westview Co-operative Association Limited

P. 403.556.3335 Option 2, 8| C. 403.899.9752 | F. 403.507.2405

P.O. Box 3970, Olds AB. T4H 1P6, Canada

don.guilbeault@westviewcoop.ca | www.westviewco-op.crs

Let us know how we are doing please fill out our guest survey www.westviewcares.ca

This email including attachments is confidential. If you are not the intended recipient, any redistribution or copying of this message is prohibited. If you have received this email in error, please notify us immediately, by return email, and delete this email.