CITES will test Targeted Attack Protection, an anti-phishing program, for 20-30 days starting at the beginning of May. The purpose of the evaluation is to determine whether the University will use TAP to prevent future phishing attacks.

CITES Chief Communications Officer Brian Mertz said CITES is still generating a pool of testers for the service. 

“We’re only starting with a limited number of staff — although students are free to sign up to help evaluate — for the limited evaluation window we have from the company,” Mertz said.

Proofpoint, a company that provides data protection services for businesses and other organizations, maintains TAP. Many of the large and highly publicized data breaches in recent years have started with one carefully written email that tricks users into divulging sensitive information, according to Proofpoint’s website. Proofpoint works to prevent this by analyzing a variety of factors, sometimes “hundreds of variables in real time.”

Ross Wolf, senior in Engineering, said he wonders whether the service could potentially slow down email traffic and even cause the Proofpoint service to shut down if a large enough phishing attack were coordinated.

“It takes more effort to evaluate an email than it does to just send one,” Wolf said. “But because Proofpoint does this professionally, I doubt it is a legitimate concern. I’d assume Proofpoint has lots of redundancies and fail-safes in place.”

Mertz said CITES is not sure if it wants to make a commitment to TAP until it is sure the service works against the phishing emails sent to Illinois accounts.

“The point of the evaluation is to decide whether this is a product we want based on real data, instead of just going off of the vendor’s description of the product,” Mertz said.

Janelle can be reached at [email protected].