Introduction
At Loyola, we are constantly striving to improve cybersecurity awareness among students, faculty, and staff. One way we can measure understanding and strengthen defenses is through authorized phishing simulations. These safe and controlled assessments allow our Information Security Office to test how well the Loyola community can recognize real-world scams before they strike.
This fall, Loyola will launch its first phishing assessment for students. The goal is simple: help our university build stronger instincts when it comes to spotting phishing attempts and encourage safer digital habits.
What Is a Phishing Simulation?
A phishing simulation is an authorized cybersecurity exercise where fake malicious emails are sent to participants to see how they react. These emails are designed to mimic real phishing attacks, using common tactics like fake login pages, masked links, attachments, and urgent language.
The simulated messages often include intentional red flags, such as misspellings, grammar issues, or unofficial-sounding addresses. The goal is to give students and staff a safe opportunity to examine these warning signs and get more comfortable identifying them outside of a testing environment.
What Are Some Past Examples?
In recent staff assessments, we have sent simulated emails with subject lines like:
- Notice of traffic violation
- Employee review document from HR
- Facebook external device login alert
These scenarios are chosen because they create a sense of urgency and prompt quick action. Our simulation software includes over 100 templates, all modeled after the latest phishing tactics. These tests are not meant to trick or punish, but to encourage recipients to slow down, think critically, and verify messages before interacting.
How to Pass the Assessment
Passing the assessment means you did not engage with the phishing email. This includes avoiding clicking any links, downloading attachments, or replying.
If you think an email is suspicious, the best step is to forward it to ITSServiceDesk@luc.edu so our team can verify whether it is part of a simulation or an actual threat.
What Happens If You Fail the Assessment?
Failing simply means you clicked a link or opened an attachment in the test email. You are not in trouble by any means, and your device is not at risk. Take it as a learning experience to be more vigilant about messages in the future. You will be redirected to a secure education page that explains what tactics were used and how to avoid falling for similar messages.
Our team tracks which links and attachments are interacted with to identify common mistakes. This helps us know which areas to focus on in future training or support.
How To Stay Up to Date on Phishing Tactics
Cybersecurity threats are always evolving, but you can stay prepared by:
- Reading updates on the UISO Information Blog
- Keeping up with cybersecurity news and trends
- Completing security awareness trainings provided by Loyola or other trusted organizations
- Remembering the core phishing warning signs: suspicious senders, urgent or pressuring language, poor grammar or spelling, unexpected links or attachments, and generic greetings
Why This Matters
Universities are frequent targets for phishing due to the large amount of personal and financial data they manage. Students in particular often receive less cybersecurity training, which can make them more vulnerable to these kinds of scams.
When just one account is compromised, it can start a chain reaction that puts other users and university systems at risk. By staying informed and practicing caution, you are playing an essential role in protecting Loyola’s data and people.
Conclusion
Phishing simulations are a safe and effective way to prepare our community for real online threats. These controlled exercises help reinforce good habits, identify learning opportunities, and reduce the chance of falling victim to an actual attack.
If you ever receive a message that seems suspicious, trust your instincts and forward it to us at ITSServiceDesk@luc.edu. We are always happy to investigate and help.
Thank you for staying committed to cybersecurity awareness. With your help, we can continue building a safer digital environment for all. And remember, don’t take the bait!