ITS Phishing Communication Plan [INTERNAL]

Summary

When a phishing attack occurs at UW-Platteville, the following communication plan will be implemented. Includes instructions for ITS Communications and the ITS Help Desk manager/staff.

Body

When a phishing attack occurs at UW-Platteville, the following communication plan will be implemented. Plan includes instructions for ITS Communications and the ITS Help Desk manager/staff.

Phase 1 – incident occurs

  • # of reports received = at least 10 (or at discretion of Help Desk Manager)
  • Action
    • HD manager (or designee)
      • Creates a Problem ticket in TDX, which notifies Communications group through workflow
      • Adds new reports as they are submitted
      • Updates Problem ticket as appropriate
    • Communications group: Julie (point person)
      • Consults with HD manager (and Phishing Chat?) about whether communication needs to be posted and/or sent; factors include how fast reports are coming in, who the alleged sender is, whether there are also compromised accounts, topic that is particularly enticing, etc.
        • If small scale, communication may be handled 1:1 with affected account holder(s)
      • Posts ITS Alert to Pioneer Portal > Email button
        • Template in Teams > ITS Leadership > Comm-Training > Julie: PROBLEM_Phishing.docx
        • Set notice to expire in one week
        • If multiple attacks occur in short amount of time, post as Update to original Portal notice
      • Posts to Facebook if appropriate
      • Mocks up screen shot with tips for recognizing this particular phishing attempt (Snagit)
        • Creates and publishes KB doc with relevant tags (title = Security – EXAMPLE: Phishing attempt MM.DD.YY)
 

Phase 2 – incident escalates

  • # of reports received = at least 30 OR increases quickly OR high value "sender" OR # of compromised accounts is high (at discretion of Help Desk Manager) 
  • Action
    • HD manager
      • Alerts Communication group, if interaction hasn't already been established
    • Communications: Julie and Mike S
      • Mike will send ITS Alert email to all-l@uwplatt.edu (active staff, faculty, and students; guests; emeriti); may also send to targeted group, e.g., staff-l or students-l, if more appropriate
        • See template in ITS Leadership > Comm-Training > Julie: PROBLEM_Phishing.docx
        • Use same verbiage as previous posts, including action to be taken; modify as necessary to fit the situation
        • If multiple attacks occur in short amount of time, include all in one email if possible
        • Signed: Individual, title, w/full signature (to avoid more phishiness)
      • Post to FB if you haven’t already, if appropriate
    • Follow-up
      • Depending on situation, may send follow-up to recipients
        • Subject format: ITS Alert Update: Phishing attempt MM.DD.YY 
      • Depending on situation, post follow-up to Portal/Email button, FB

Please direct questions about this plan to Nathan McCarthy-Gilmore, CIO.

Details

Details

Article ID: 13465
Created
Thu 6/27/24 5:57 PM
Modified
Tue 12/16/25 6:11 PM