University end users are pretty good at identifying a scam.
Only 10 percent of simulated phishing emails sent to users at education institutions were successful, a new study from Wombat Security Technologies reports. The company monitored tens of millions of simulated phishing attacks sent over the course of a year through its Security Education Platform across more than 15 industries.
The State of the Phish 2018 report found that users in education were less likely to click on a phishing attempt than those in technology, entertainment, hospitality, government, consumer goods, retail and telecommunications.
When processing requests to establish and change memorized secrets, verifiers SHALL compare the prospective secrets against a list that contains values known to be commonly-used, expected, or compromised.