UCSC is resuming the simulated phishing campaign to educate the campus on up-to-date phishing email tactics. Think of these simulated phishing emails as an exercise - we want you to react as you normally would if you received a real phish. To learn more about phishing, visit Avoiding Phishing Emails web page.
What will happen?
Beginning this month through the 2022-23 academic year, you will receive multiple simulated phishing emails per standard industry best practices. If you click on a link in the simulated phishing email, you won’t experience any negative consequences. You will be directed to an educational web page designed to help you recognize and respond appropriately to email phishing. Individuals who click on the link will not be identified.
What is a phishing simulation and why are they important?
A phishing simulation is a phishing test where a fake malicious email is sent to you to assess the response to a real-world phishing attack. The purpose of this campaign is education and awareness. There is a common misconception that phishing is easy to spot and that only less technically-savvy people will fall victim — but this is far from the truth. In fact, more than 80% of reported cyber incidents are tied to phishing attacks, most of which are delivered through email.
UCSC does not verify incoming emails coming into our domain. We use Google to filter out or alert you to suspected spam and phishing emails, but no filter is perfect. Ultimately, it's up to you to recognize phishing and know what to do when you encounter it.
What to do!
When you encounter a suspicious email, do not respond to it; do not click on any links or attachments instead; instead train your spam filter and report it to Gmail. No need to report phishing emails to the ITS Support Center unless you have responded directly to the phish.
Questions?
If you have questions, please contact the ITS Support Center by email help@ucsc.edu or telephone 459-HELP (4357).
