Simulated Phishing Awareness Campaign

To: UCSC Community

From: Chief Information Security Officer, Brian Hall

UCSC is launching a simulated phishing campaign to educate the campus on up-to-date phishing email tactics. Think of these simulated phishing emails as an exercise - we want you to react as you normally would if you received a real phish. To learn more about phishing, visit the Avoiding Phishing Emails web page.  

What will happen?

Last month, we sent an initial simulated phish to capture baseline metrics for UCSC’s response to phishing attacks. Beginning this month through the 2020-21 academic year, you will receive multiple simulated phishing emails per standard industry best practices. If you click on a link in the simulated phishing email, you won’t experience any negative consequences. You will be directed to an educational web page designed to help you recognize and respond appropriately to email phishing. Individuals who click on the link will not be identified.

The purpose of this campaign is education and awareness. The sophisticated nature of next generation phishing is easy to fall for. Google filters out or alerts to suspected spam and phishing emails, but no filter is perfect. Ultimately, it’s up to you to recognize phishing and know what to do when you encounter it.

What to do!

When you receive a phish, do not respond to it; instead, train your spam filter and report it to Gmail. No need to report phishing emails to the ITS Support Center unless you have responded directly to the phish.

If you have questions about this campaign, please submit an IT Request ticket at https://itrequest.ucsc.edu or contact the ITS Support Center by email help@ucsc.edu or telephone 459-HELP (4357).