Summary
The Information Security team in ITS at St. Thomas periodically conducts phishing simulations on University faculty, staff, and students. What is a phishing simulation, what is its purpose, and how does it work?
Body
What is a Phishing Simulation?
Phishing simulations (also called phish testing) are imitations of real-world phishing emails that we send to the community. The emails mirror cyber threats that our community may encounter in their daily online activity.
What is the Purpose of a Phishing Simulation?
Phishing simulations are used as a teaching tool to help our community recognize and avoid cyber threats like phishing, social engineering, and ransomware. The goal is to teach our community how to detect and avoid phishing attacks in a safe environment and create a security-aware culture at St. Thomas.
How does the Phishing Simulation Work?
Simulated phishing attacks that look like real-world email scams will be sent to the St. Thomas community.
- If the recipient recognizes the email as a phishing attempt, they should forward it to phishing@stthomas.edu.
- You can also use the built-in “Report” option in Outlook for suspicious emails. This lets Microsoft know you’ve found an email that may be phishing. If a recipient does “Report” a simulation email in Outlook, they will be notified immediately that they correctly identified an email as phishing.
- If the recipient clicks on the “malicious link” and provides sensitive information, they will be alerted that this is the phishing simulation and be provided with educational training about how to recognize these types of scams.
- While ITS will be able to see how individuals respond to these simulations, individuals’ results will not be shared. The results will be used to help the Information Security team better understand the types of threats that affect our campus and put steps in place to help minimize them. If you do accidentally click into the phishing email, please complete the suggested training to ensure that the University’s and your data stay safe in the future.
The Phishing Simulation is just another tool to help educate our community about cybersecurity. If you ever have questions about an email that looks suspicious or just doesn’t seem right, send it to phishing@stthomas.edu and ask the ITS Information Security Team to check it out. We are here to help!