OFFICE OF THE CHIEF INFORMATION SECURITY OFFICER,
UC SAN DIEGO
January 6, 2023
ALL ACADEMICS AND STAFF AT UC SAN DIEGO (excluding UC San Diego Health)
Campuswide Expansion of Simulated Phishing Campaigns
As part of our ongoing cybersecurity educational campaigns, for several years IT Services has conducted “mock phishing” email campaigns to VC-CFO staff. We feel these efforts have improved awareness on spotting the telltale characteristics of phishing emails and how to report them.
Therefore, after consulting with the Executive Vice Chancellor and the deans, starting this month we’ll expand simulated phishing campaigns to all academic employees and administrative staff campuswide.
(Note: UC San Diego Health IT also conducts similar campaigns with its personnel with @health.ucsd.edu addresses.)
About Phishing Emails Phishing emails - malicious emails that masquerade as ordinary emails or notifications - are the primary method used by hackers to compromise accounts and introduce malware into the UC San Diego network. Often they are disguised as an email that you might be reasonably expecting, like a notification from UC San Diego or even a co-worker.
How Mock Phishing Campaigns Work and What to Expect A simulated phishing email is a safe email message formatted to include several of the characteristics of a true phishing email. However, if you interact with the simulated phishing email, an informative message will be displayed providing guidance on how you could have recognized the message as illegitimate.
While aggregate statistics on the number of users who interact with the simulated phishing emails are collected, an individual’s rate of interaction will not be exposed or released. We use the interaction rate as a rough measure of the effectiveness of anti-phishing training and the resilience of the UC San Diego community to phishing attacks.
Each month a new set of simulated phishing messages will be sent, staggered slightly by time and date. IT Services will provide an overview online of campaign statistics starting in January 2023.
How to Report and Respond to Phishing Emails UC San Diego is inundated with phishing attempts - over 50,000 phishing campaigns target us annually.
If you receive a suspected phishing email, forward it to abuse@ucsd.edu.
If you have been “hooked” by a phishing attempt, don’t feel embarrassed or ashamed. Instead:
Report the incident to the Service Desk so you can receive help from a security specialist and help block attempts on others at UC San Diego. Contact the Service Desk via one of these methods: