Additional steps to protect you and the Council from online scams
Introducing new training for colleagues who interact with simulated phishing emails.
From 17 April, colleagues who interact with our simulated phishing emails will be required to complete a new e-training module. The training is designed to increase your awareness of phishing scams and how to handle them safely.
What are simulated phishing emails?
To help you learn to recognise phishing emails immediately and practise how to handle them safely, our ICT colleagues introduced a training exercise where they send emails which mimic common phishing scams.
These emails are sent to everyone on the council network and currently, anyone who interacts with one is immediately alerted and provided with guidance to help them identify phishing scams.
What's changing?
ICT will continue to send simulated phishing emails and if you interact with one after 17 April, you will be automatically enrolled in an e-training module provided by Microsoft.
If you interact with two simulated phishing emails in a row, you will be required to attend a one-hour, tutor-led training session via Microsoft Teams.
What to expect
The first time you interact with a simulated phishing email, you will be immediately redirected to a webpage to learn about the type of phishing scam you didn't spot. This page will contain a link to the e-training module which you must complete within 30 days.
You will also receive an email from notification@attacksimulationtraining.com containing your training link, instructions, and the deadline for completion.
Until you complete the training, you will receive reminder emails twice a week from trainingassignment@microsoft.com.
The content from both these email addresses is safe and it's important you do not ignore them or mark them as spam or junk.
Once you complete the training you will receive a confirmation email. If you do not complete the training within 30 days, this may be escalated to your line-manager.
If you interact with two consecutive simulated phishing emails
If you interact with a second simulated phishing email, you will be required to take part in a virtual training session, lasting for around one hour, with a live tutor on Microsoft Teams. If this happens, look out for an email from cybersecurity@renfrewshire.gov.uk with instructions on what to do next.
Prepare for phishing emails
To help you learn to spot and safely handle phishing emails and avoid automatic enrolment in additional training, you should complete our mandatory cyber security training on iLearn as soon as possible if you have not already done so.
It takes just 30 minutes to complete, and you can do it in stages by saving your progress and returning to it later.
Complete the mandatory Cyber Security module in iLearn.
What is Phishing?
Criminals frequently send emails that look like genuine messages from real people and legitimate organisations. These emails usually ask you to share personal information, and they often contain dangerous links and malware.
Interacting with these emails can have serious consequences and often leads to identity theft. They pose a huge risk to the Council as it takes just one person to accidently give criminals the access they need to hack our systems.
You are our strongest defence against cyber-attacks which are a real danger to the council and the local communities we serve.
Published on Tuesday 8 April 2025
Just a quick reminder: Staff Pulse Survey still open
