Holiday Health and #ToxicStress

"More than 75 percent of recipients fell victim to the campaign email." Did 75% actually open the email, or is that a combined opened and/or deleted the email? I got a "congrats" pop up when I clicked the "phish" button after searching for one of the older links about how to recognize phishing versus spam to see if you wanted us to report that type of email or not, but I was a little disappointed that it wasn't easier to find a FAQ/what to do on the Help Desk homepage as that was the first place I checked. This is what I used: http://intranet.mayo.edu/charlie/office-information-security/how-to-spot-a-phish/, but I think this link is even more helpful: http://newsletters.mayo.edu/newscenter/Article.aspx?contentID=DOCMAN-0000163198

This test was an effective teaching tool. Like most of us, I suspect, I hate getting the wrong answer. You can bet that I will remember to use the fish icon on the toolbar rather than just hitting delete like I did this time.

If we report something as Phishing it leaves our email but what happens if it truly was not Phishing will we get the email back so we can respond?

How do you report Phishing on an iPad?

I agree with April. There had already been a lot of talk "around the water cooler" in my work area so I just deleted it and then removed it from my deleted items folder. Otherwise I would have clicked the fish. I never open any e-mail that is not clearly from someone or something I recognize. I always used to delete it, remove it from deleted items and then take it out of the recover deleted items folder. Now I just click the fish which according to previous posts may not be the best thing to do but it is certainly the safest

When will the phishing button be added to the Mac version of Outlook? I received the email and immediately deleted it since I don't have that function.

I received this email and I can tell you exactly why I failed the test, what was going through my mind when I read the most recent test email. I had received a previous email a couple of weeks earlier that I thought suspicious for phishing. I reported the previous suspicious email, and received a response back that it was a false alarm, that because the email did not ask me for any personal information, it was not a phishing attempt but rather spam. So when I got the latest test email, and it did not ask for any personal information, I figured it was safe, not worthy of reporting, opened it, and BAM, fail. I am now more confused than ever about what to look out for and what to report.

Thanks for the update on what to do with suspicious emails. Past recommendation was just to delete them. What is the latest on recurring emails from outside institutions/companies/associations that we no longer care to receive. Unsubscribe or still delete? I have tried to weed them out with "Rules" but I get too many to do this practically.

I do not have the fishing button on my outlook toolbar either

So… We really didn't get an e-card?

I'm with Kelly W. In addition, I would like to share that I have never gotten any type of Phishing emails before. So I want to commend our IT/OIS people for keeping it out of our inboxes to begin with!! Kudos!

i opened it on my iphone, and had no idea which of my multiple email accounts it was coming to. had I seen the email on at work, and recognized that it was coming to my mayo account, I would have been more suspicious. just noting that context makes a difference in perception and behavior. I wonder if this is taken into account.

I had the same experience. In my case, it's particularly ironic because I'd recently sat through a presentation about this project which identified the earmarks of phishing. Because the contents of the "phishing" e-mail did not match what I recalled from the description given in the presentation, and I'd already attempted to report a similar e-mail in the past only to be informed that it was not a phishing attempt (although it could well have contained a link that triggered malicious code), I decided not to report the "legitimate" phishing e-mail and deleted it instead.

I agree that the exercise confused the issue in some ways. When we opened the email, we failed it. It had not "asked us for personal information or invited us to click to another website" in the subject line.

I never opened the attachment or tried to download it, but I did open the initial e-mail. I even hovered over the "report phishing" button for a minute before I opened it. I guess if it doesn't feel right, it's not!