Skip to main content
Information Security

SCU Security Guides

Phishing Simulation Program

Overview and details on SCU's Phishing Simulation Program.

Overview:

Phishing poses a significant threat to our cybersecurity. To help our campus identify and avoid phishing emails, Santa Clara University has launched our Phishing Simulation Program. The SCU Phishing Simulation Program equips students, faculty, and staff with the necessary tools and knowledge to safeguard SCU against cyber threats.

This is accomplished through periodic tests which simulate real phishing emails. When a recipient clicks on a link in a simulated phish, they are redirected to a web page that provides tips on how to better identify malicious emails. This helps educate that recipient to avoid similar phishing emails in the future.

Why are we doing this?

Phishing is the single greatest threat to our cybersecurity. It is estimated that 90% of cyberattacks start with phishing. This program will:

  • Improve SCU’s security against cyberattacks: The goal of this program is to improve the SCU community's ability to identify and report phishing emails. All Santa Clara faculty, staff, and students share responsibility for ensuring the safety of our community from cyberattacks. This program is designed to help individuals make informed and secure choices when evaluating emails.
  • Help protect you and your family: We want to prepare every member of the SCU community with cybersecurity practices that will keep you safe both at campus and at home. While many phishing and other malicious emails target SCU, some target you. Improving your ability to identify scams, malicious emails, and other attacks helps you protect yourself from identity theft and financial fraud.

These exercises will:

  • Deliver simulated phishing emails based on actual phishing attempts found at SCU.
  • Give our community experience in identifying and reporting phishing emails.
  • Reward consistent reporters.
  • Provide the Information Security Office an evidence-based understanding of our community’s phishing risks.

These exercises will not:

  • Send “gotcha” emails using messages more sophisticated than what we typically receive.
  • Directly impersonate Santa Clara staff, faculty, or offices.
  • Report or take punitive action against those who click.

What to do when you receive a suspicious email?

Report suspicious emails by using the "PhishAlarm" add-on in Gmail. Please use the PhishAlarm button instead of forwarding to the Technology Help Desk or to the Information Security team, or using Google’s “report phishing” (under the ? button). PhishAlarm automates the removal of malicious email from our environment, so the campus is protected faster when you use it.

Icon of the PhishAlarm in Gmail that is used to report suspicious emails.

For more information on how to use PhishAlarm, visit: https://www.scu.edu/technology/get-connected/google-workspace/gmail-and-phishalarm/

Additional Questions?

If you have any further questions or concerns, please contact the SCU Information Security Office at iso@scu.edu.

Graphic of laptop and phishing email.

Image by https://storyset.com.