When Wendy Perry, program coordinator, PhD Senior, was checking her email recently, she saw one that looked suspect. She followed the instructions from the Duke Health Information Security Office (ISO) and reported the email to the IT Security Office using the Report Phish to Duke button in Outlook. It turns out that Perry correctly recognized the phishing exercise email sent by the ISO.  

Perry’s advice to members of our DUSON community is to refrain from clicking anything if you don’t recognize the sender.

"Pay more attention to the email address and the person who the email is coming from," she said. "If it shows a Duke email address, I will search for the name in the Duke directory before opening the email.”  

Each month, the ISO creates and sends a simulated phishing email. They track two statistics: a) the number of DUSON users who click the bogus link in the email; b) the number of DUSON users who report the email using the Report Phish To Duke button in Outlook. This is designed as a teaching exercise and used as a real-world evaluation of risk. DUSON only tracks total numbers, and individual results are not shared with us.  

In appreciation for our participation in this vital program, the CISO team awards a challenge coin to one individual from DUSON who reports the simulated phish using the Report Phish to Duke button in Outlook. In addition, the CISO Reporter of the Month also earns the title Duke Information Security Ambassador.  

Congratulations to Wendy for being our latest DUSON CISO Reporter of the Month.