Internal Phishing Program

As part of our ongoing efforts to help defend App State from increasing cybersecurity threats, ITS will be sending out test phishing emails.  These internal phishing messages are learning opportunities and employees will not be punished for falling victim to a test phishing attack.

Phishing is a type of social engineering attack often used to steal user data, including login credentials, credit card numbers, and personal information.  To learn more about phishing, visit our page on Protecting Yourself From Phishing Attempts.  

The test phishing messages will simulate real-world attacks that we are often observing in our security monitoring practices.  These test messages will be sent out at random intervals throughout the year.

Key Takeaways:

  • Phishing test messages will simulate real-world phishing attempts, starting with easily identifiable phishing scenarios and progressing to more advanced scenarios as employees improve their responses.
  • Employees who receive suspicious emails should forward them to phish@appstate.edu, regardless of if they think it is part of the test or not.
  • The results of these phishing tests are only visible to the ITS Office of Information Security.  
  • Reporting on these tests will be anonymous.
  • If you click on a link in one of these messages, you will receive information to help spot and avoid similar phishing messages in the future.  Employees who fall for a phishing attempt will be redirected to an educational webpage comprised of phishing information and training opportunities, including the identification of specific elements within the message that would help to distinguish it as fraudulent.
  • Our goal is to increase employee security awareness and decrease the number of employees who click on malicious emails.

With all suspicious emails, remember these helpful steps:

  1. Look at the sender email - is it an App State email?  Is this someone you know?
  2. Are they asking for personal information?  Or for you to download an attachment?
  3. Don't click on links if the email seems suspicious or unusual.
  4. Send suspicious emails to phish@appstate.edu before taking any action.

Employees are strongly encouraged to treat all suspicious emails as potentially dangerous.  While these simulated messages are not malicious, real phishing attacks pose a great threat to our university community.  You can help us to identify suspicious emails by forwarding them to phish@appstate.edu .