IS&T has a procedure specific to those scams to block the scammer email address and notify recipients of the scam, so please do encourage folks to continue to report them (preferably using the Phish Alert Button (http://kb.mit.edu/confluence/display/istcontrib/Reporting+Phishing+Email). There is unfortunately usually a delay between when they are received, when they are reported to IS&T, and then when IS&T can respond, but IS&T continues to improve that process and the log data that allows us to send the notifications.

Training

• See "Training" under https://infoprotect.mit.edu/tools
  • KnowBe4 Training
    • Log in using your @mit.edu email address.
    • Select Library
    • Watch the two videos
    • Once completed, you will receive a certificate you can download and submit verifying you have completed the training

There are a few options for training. We have training available in Atlas and the KnowBe4 training portal (links and descriptions available on the Infoprotect site at https://infoprotect.mit.edu/tools). One of the KnowBe4 classes is specifically about Phishing, I believe the rest are more general security awareness. We also have phishing simulations that you can run through KnowBe4, with Managed Service hours to help you set up campaigns. If you'd like to get started with that we have a kb here http://kb.mit.edu/confluence/display/istcontrib/DLC+phishing+and+security+awareness+training. There is also a ton more training available through KnowBe4, that you can assign to your department or just to folks that fall for the phishing simulations. They range from short games, to more traditional computer based training, to Netflix style series.