NewsBite

University of Adelaide tech team taken to task over bogus vaccine email

The University of Adelaide has dressed down its cyber security team after a simulated phishing exercise went wrong.

Tim DoddTim DoddHigher Education Editor
Adelaide University chief operating officer Bruce Lines.
Adelaide University chief operating officer Bruce Lines.
less than 2 min read
8:00PMJune 04, 2021.
Updated 7:23PMJune 05, 2021

The University of Adelaide has dressed down its IT security team after it sent a bogus phishing email to all staff offering Covid vaccines, which sparked a rush on the university’s health service.

An estimated 40-50 per cent of staff clicked on the link in the simulated phishing email, which contained spelling errors and purported to come from the ­address “COVID noreply@corp-update.com”.

The university’s chief operating officer, Bruce Lines, emailed all staff on Friday afternoon offering his “deepest apologies” for the email, which he said was “was ­totally inappropriate and in the worst possible taste” during a pandemic when people were “under significant stress and anxiety”.

“It should never have been sent, regardless of the requirements of the simulation exercise. I know many of you will be feeling upset and that this does not at all accord with our values, including that of ‘respect’,” Mr Lines wrote. “While these simulated exercises are a vital part of the university’s security activities, more attention must – and will – be given to the subjects of future emails.”

Mr Lines said he had addressed the matter “in the strongest possible terms” with the university’s ­information technology and digital services team, adding that “a more robust approvals system will now be put in place”.

However, before Mr Lines ­intervened, the university’s chief information security officer, Shuichi Sakai, was unrepentant about the simulation. Hours after the bogus email was sent, he emailed all staff justifying the exercise.

“I appreciate that some of you felt tricked after learning it was a simulation,” he wrote.

“The reason that we send simulated scam emails is to help university staff learn to recognise them, as phishing emails like this are sent by malicious entities on a regular basis.

“Cyber attacks have been on the increase in the tertiary sector, so it is critical that university staff are able to identify them to keep our data and systems safe and ­secure.”

He promised more “cyber ­security awareness materials” in coming weeks.

Read related topics:Coronavirus
Tim Dodd
Tim DoddHigher Education Editor

Tim Dodd is The Australian's higher education editor. He has over 25 years experience as a journalist covering a wide variety of areas in public policy, economics, politics and foreign policy, including reporting from the Canberra press gallery and four years based in Jakarta as South East Asia correspondent for The Australian Financial Review. He was named 2014 Higher Education Journalist of the Year by the National Press Club.

Add your comment to this story

To join the conversation, please Don't have an account? Register

Join the conversation, you are commenting as Logout

More related stories

Original URL: https://www.theaustralian.com.au/higher-education/university-of-adelaide-tech-team-taken-to-task-over-bogus-vaccine-email/news-story/f363d078b5a205ff2b82020974f07397