Reflections on a year of phishing reporting

Since early December 2022 the Cyber Security Team at the University of Surrey has operated a phishing reporting mailbox which integrates with a Report Phish button deployed to all Outlook clients. This enables staff and students to report suspect emails to members of the Cyber Security Team for further analysis and, if appropriate, takedown of malicious resources.

We would like to extend our thanks to those staff and students who have participated in this important aspect of organisational information security – your reports are invaluable and have led to an appreciable improvement in the security of email within the University of Surrey.

Phishing reporting is a key component of the cyber awareness trifecta at Surrey: training, phishing reporting, and phishing simulation.

In particular, we thought that some reflections on trends identified within reported emails might be of interest for our University community, who in many respects act as the ‘eyes and ears’ of the organisation.

In the time that we have been running the reporting button, it has been used to report 3234 emails. Every email that is reported to us is checked by someone in the team and, if it is judged to be potentially malicious, we work with the website and email hosting companies to get the malicious sites and email addresses taken down, reducing the threat from that source.

In the last year the Cyber Security team has worked to take down over 300 malicious websites as well as a number of external mailboxes used in phishing. This helps not only the University, but also the wider community stay safe from cyber attacks, and reporting of malicious emails has been incredibly valuable in this endeavour.

One huge benefit of having all phishing reported in one place has been the ability to watch for patterns. This has enabled us as a team to notice some of the more prominent trends and to take action, for example by releasing further communications about these kinds of scams, as covered in our posts on Gift Card Scams and QR Code Phishing. Our list of supported email attachments has also been tweaked based on the types of malicious files reported by our community.

Again, thanks, and please do continue to report emails using the Phish Report button as it helps us protect the University and the wider community from phishing attacks. Additionally, the mailbox is checked daily and we will reply to you if appropriate (e.g. if what appears to be a genuine email has been submitted), so if you are unsure, please do report it and we’ll get back to you for follow-up.