Chloe Hayim, director of Institutional Research, was checking her email last week and noticed something wasn’t right with one message. She didn’t see any explanation about the service. “What tipped me off was the fact that I don’t have any trial memberships at work, so the context didn’t make sense,” Hayim said.

Hayim correctly recognized the phishing exercise email sent by Duke Health Information Security Office (ISO) and reported it to the IT Security Office. Her advice? If you don’t recognize the sender, do not click anything.

Each month, the ISO creates and sends a simulated phishing email. They track two statistics: a) the number of DUSON users who click the bogus link in the email; b) the number of DUSON users who report the email using the Report Phish To Duke button in Outlook. This is designed as a teaching exercise and used as a real-world evaluation of risk. DUSON only tracks total numbers, and individual results are not shared with us.  

In appreciation for our participation in this vital program, the ISO awards a challenge coin to one individual from DUSON who reports the simulated phish using the Report Phish to Duke button in Outlook. Our CISO Reporter of the Month also earns the title Duke Information Security Ambassador.  

Congratulations to Chloe for being our DUSON CISO Reporter of the Month!