Keeping our campus safe is a top priority. A critical part of campus safety means keeping our electronic data such as research, grades, and personal information away from those who should not have it.  Phishing (pronounced ‘fishing’) is one of the most common attack methods used by cybercriminals today. In fact, over 91 percent of cyber-attacks start with a phishing email, and three out of four organizations have experienced phishing attacks.

With electronic mail being a mainstay of personal and professional communication, malicious actors often utilize email in an attempt to steal personal or private information. Phishing emails are crafted to look legitimate but contain malicious programming or content used to capture sensitive data, which can put you and your workplace at risk.

Ongoing training on how to identify and avoid phishing scams is critical to cybersecurity at UCR. To help educate the campus and assess how well UCR responds to phishing attempts, Information Technology Solutions (ITS) is launching a phishing email simulation campaign that will run from February to June, 2020.

Between February and June 2020, a series of emails will be sent out to UCR faculty, staff, and students (@ucr.edu addresses) that will closely mimic an email phishing scam. Your job is to identify these phishing simulation emails and forward them immediately to abuse@ucr.edu. 

If you accidentally engage with one of the phishing simulation emails, you will be presented with a ‘learning moment’ containing tips and reminders on how to avoid phishing scams. At the end of the campaign, a high-level "campus report card" will be created and shared with campus administrators. Please be aware that any engagements with phishing simulation emails will not be reported at the individual level.

Fortunately, there are simple ways to spot a phishing email. Here are some warning signs to look out for:

• Bad grammar or punctuation 
• Strange fonts or paragraph spacing 
• Slightly modified email addresses 
• Forms that ask for sensitive information like usernames and passwords
• Links to strange websites
• Requests for money from what appears to be a “trusted” person

UCR Information Technology Solutions would like to thank you for your participation in this phishing simulation campaign. Together as a campus, we can ensure that our information remains safe and secure.