Moving forward in 2026, the Information Security team will begin broader phishing simulation campaigns that include all faculty and staff.

These simulated phishing emails are designed to look like real-world messages you might receive every day. They will be sent periodically and will not be announced in advance or followed by reminder emails, just like real phishing attempts.

Why are phishing campaigns important?
Phishing remains one of the most common and effective ways cybercriminals gain access to accounts and sensitive information. Even with strong security tools in place, attackers often rely on tricking people into clicking a link, opening an attachment, or sharing information.

Phishing simulations help:

• Build awareness of common tactics used by attackers
• Strengthen our ability to recognize suspicious emails
• Reduce the risk of real-world incidents affecting the university

These campaigns are about education, not punishment, and help us all stay one step ahead of constantly evolving threats.

Reporting suspicious emails is just as important as spotting them.

When you report a phishing message:

• The security team can investigate and block similar messages
• Other users can be protected more quickly
• It helps improve security controls across the institution

Even if you’re unsure whether an email is phishing, it’s always better to report it. Follow the instructions in Use “Report Suspicious” Tool in Outlook and Gmail to report.

What to expect

• Simulated phishing emails will begin after February 1
• Messages may look realistic and vary in style
• No reminder or “heads-up” emails will be sent
• Your participation helps strengthen our shared security posture

Thank you for being an active part of keeping our community safe. Cybersecurity is a shared responsibility, and your awareness and reporting truly make a difference.