Phishing Awareness FAQ

How can I get out of this Training?

No one is exempt from this training. All are a part of this education campaign.

Why are we doing this?

To change user behaviors which will lower the risk of a data breach and reputational damage to the Society, as well as lower the cost of IT services to the Business, thereby making more money available to mission. This is an industry best practice for educating employees.

Who is going to find out I clicked?

All metrics are going to be gathered in summary, by region and department and reported to the SLT and on the Manager Briefing.  No specific people will be reported.  This is not an exercise to shame people but to help them see in real time the risk hiding in their Inbox so they can better identify the attempts by criminals to steal our resources. 

When should I contact the Service Desk? 
Please contact the Service Desk when you have clicked on a bad link, entered credentials and hit submit, or opened a suspected bad attachment. The Service Desk will work to determine if
you have been compromised.

How do I report a phishing attempt without contacting the Service Desk?

Please report phishing attempts via Outlook by clicking the Report Phishing button, choosing the Report as Phishing menu item under the Junk Menu, or save email as .msg (in My Documents) then email a copy of the .msg file to

Why do I have to take this training?

Phishing is the easiest and most direct route into the Society network and resources. Every day, criminals are emailing trying to get malware on our machines, and access our employee and customer data for their financial gain. Educating employees to this risk and how compromise happens is the #1 way we can protect the society.

Is this training mandatory?

No, training is not mandatory at the time. However, the fact that you clicked on a fake phish suggests that you will be better able to protect the Society as well as your personal information in your personal email account by taking 5 minutes for the training.