Simulated Phishing Campaigns

Industry research has shown that internal simulated phishing programs can help raise information security awareness among employees. These simulated phishing campaigns offer a safe way for our employees to understand phishing threats as they impact our university.

Since these simulated phishing messages are not malicious, clicking on a link does not create the same risk to the university. They offer a safe learning opportunity for our employees and provide immediate feedback for training.

We use the information collected during these campaigns to help guide our internal awareness initiatives, identify those who are most at risk for phishing attacks, and offer additional training to help protect our employees.

• Use the Phish Alert Button to report any emails you suspect may be phishing.  This will help us understand what phishing emails are targeting our community.  By reporting suspicious emails, you are helping to protect your fellow Knights.
• Do not respond to the sender of the phishing email.
• Learn more about how you can protect yourself from phishing here.

You can easily report phishing emails by using the Phish Alert Button. You can learn more about this reporting process here. 

• You should report incidents of this nature to the Security Incident Response Team (SIRT) immediately. Learn how to report security incidents here.
• If you provided your account password, you should change it immediately to a new, secure password.
• If you provided your cell phone number, please be aware of the possibility of increased text-based phishing messages (known as smishing). Avoid clicking on links in unexpected text messages, and if in doubt, contact the company directly using a known good number instead of any numbers provided via text. Remaining vigilant is the best defense against these types of attacks.
• For more information about reporting security events to SIRT, click here.