Simulated Phishing Email Program to Launch in May

Beginning in May 2024, the UMW IT Security Office will begin sending simulated phishing emails to faculty and staff.

Phishing emails are a leading cause of security incidents, and they are difficult to prevent. Sending simulated phishing emails to employees is a commonly used, best-practice method of raising awareness of phishing emails and improving an organization’s overall security posture.

The purpose of the simulated phishing emails is purely educational.

• The simulated phishing emails will be sent randomly to faculty and staff.
• The results of the simulations will not be used to reprimand or embarrass. Users who respond to a simulated phishing email by providing their user ID and password, clicking on a link, or opening an attachment will be notified by the system that the email was a simulation.
• All results are confidential. No managers will have access to the data results of their employees.
• Users who frequently respond to the simulated phishing emails will be offered additional security training by the IT Security Office.

Simulated phishing is a safe and effective way to become familiar with techniques and tactics used in actual phishing emails.

Thank you for your participation and support in keeping UMW’s systems and data secure.