{"id":2263,"date":"2025-07-15T15:42:20","date_gmt":"2025-07-15T15:42:20","guid":{"rendered":"https:\/\/blogs.luc.edu\/uiso\/?p=2263"},"modified":"2025-07-15T15:42:20","modified_gmt":"2025-07-15T15:42:20","slug":"phishing-assessments-dont-take-the-bait","status":"publish","type":"post","link":"https:\/\/blogs.luc.edu\/uiso\/phishing-assessments-dont-take-the-bait\/","title":{"rendered":"Phishing Assessments: Don\u2019t Take the Bait!"},"content":{"rendered":"<p><b><span data-contrast=\"none\">Introduction<\/span><\/b><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"none\">At Loyola, we are constantly striving to improve cybersecurity awareness among students, faculty, and staff. One way we can measure understanding and strengthen defenses is through authorized phishing simulations. These safe and controlled assessments allow our Information Security Office to test how well the Loyola community can recognize real world scams before they strike.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"none\">This fall, Loyola will launch its first phishing assessment for students. The goal is simple: help our university build stronger instincts when it comes to spotting phishing attempts and encourage safer digital habits.\u00a0<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<p><b><span data-contrast=\"none\">What Is a Phishing Simulation?<\/span><\/b><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"none\">A phishing simulation is an authorized cybersecurity exercise where fake malicious emails are sent to participants to see how they react. These emails are designed to mimic real phishing attacks, using common tactics like fake login pages, masked links, attachments, and urgent language.\u00a0<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"none\">The simulated messages often include intentional red flags, such as misspellings, grammar issues, or unofficial sounding addresses. The goal is to give a safe opportunity for students and staff to examine these warning signs and get more comfortable identifying them outside of a testing environment.\u00a0<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<p><b><span data-contrast=\"none\">What Are Some Past Examples?<\/span><\/b><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"none\">In recent staff assessments, we have sent simulated emails with subject lines like:<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<ul>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"1\" data-aria-level=\"1\"><span data-contrast=\"none\">Notice of traffic violation<\/span><\/li>\n<\/ul>\n<ul>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"2\" data-aria-level=\"1\"><span data-contrast=\"none\">Employee review document from HR<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"3\" data-aria-level=\"1\"><span data-contrast=\"none\">Facebook external device login alert<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\n<\/ul>\n<p><span data-contrast=\"auto\">These scenarios are chosen because they create a sense of urgency and prompt quick action. Our simulation software includes over 100 templates; all modeled after the latest phishing tactics. These tests are not meant to trick or punish, but to encourage recipients to slow down, think critically, and verify messages before interacting.\u00a0<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559685&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<p><b><span data-contrast=\"none\">How to Pass the Assessment<\/span><\/b><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"none\">Passing the assessment means you did not engage with the phishing email. This includes avoiding clicking any links, downloading attachments, or replying.\u00a0<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"none\">If you suspect an email is suspicious, the best step is to forward it to <\/span><a href=\"mailto:ITSServiceDesk@luc.edu\"><b><span data-contrast=\"none\">ITSServiceDesk@luc.edu<\/span><\/b><\/a><span data-contrast=\"none\"> so our team can verify whether it is part of a simulation or an actual threat.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<p><b><span data-contrast=\"none\">What Happens If You Fail the Assessment?<\/span><\/b><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"none\">Failing simply means you clicked a link or opened an attachment in the test email. You are not in trouble by any means, and your device is not at risk. Take it as a learning experience to be more vigilant about messages in the future. You will be redirected to a secure education page that explains what tactics were used and how to avoid falling for similar messages in the future.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"none\">Our team tracks which links and attachments are interacted with to identify common mistakes. This helps us know which areas to focus on in future training or support.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<p><b><span data-contrast=\"none\">How To Stay Up to Date on Phishing Tactics<\/span><\/b><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"none\">Cybersecurity threats are always evolving, but you can stay prepared by:<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<ul>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"2\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"1\" data-aria-level=\"1\"><span data-contrast=\"none\">Reading updates on the UISO Information Blog<\/span><\/li>\n<\/ul>\n<ul>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"2\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"2\" data-aria-level=\"1\"><span data-contrast=\"none\">Keeping up with cybersecurity news and trends<\/span><\/li>\n<\/ul>\n<ul>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"2\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"3\" data-aria-level=\"1\"><span data-contrast=\"none\">Completing security awareness trainings provided by Loyola or other trusted organizations<\/span><\/li>\n<\/ul>\n<ul>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"2\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"4\" data-aria-level=\"1\"><span data-contrast=\"none\">Remembering the core phishing warning signs: suspicious senders, urgent or pressuring language, poor grammar or spelling, unexpected links or attachments, and generic greetings<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\n<\/ul>\n<p><b><span data-contrast=\"none\">Why This Matters<\/span><\/b><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"none\">Universities are frequent targets for phishing due to the large amount of personal and financial data they manage. Students in particular often receive less cybersecurity training, which can make them more vulnerable to these kinds of scams.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"none\">When just one account is compromised, it can start a chain reaction that puts other users and university systems at risk. By staying informed and practicing caution, you are playing an essential role in protecting Loyola\u2019s data and people.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<p><b><span data-contrast=\"none\">Conclusion<\/span><\/b><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"none\">Phishing simulations are a safe and effective way to prepare our community for real online threats. These controlled exercises help reinforce good habits, identify learning opportunities, and reduce the chance of falling victim to an actual attack.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"none\">If you ever receive a message that seems suspicious, trust your instincts and forward it to us at <\/span><a href=\"mailto:ITSServiceDesk@luc.edu\"><b><span data-contrast=\"none\">ITSServiceDesk@luc.edu<\/span><\/b><\/a><span data-contrast=\"none\">. We are always happy to investigate and help.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"none\">Thank you for staying committed to cybersecurity awareness. With your help, we can continue building a safer digital environment for all. And remember, don\u2019t take the bait!<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Introduction\u00a0 At Loyola, we are constantly striving to improve cybersecurity awareness among students, faculty, and staff. One way we can measure understanding and strengthen defenses is through authorized phishing simulations. These safe and controlled assessments allow our Information Security Office to test how well the Loyola community can recognize real world scams before they strike.\u00a0 [&hellip;]<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5],"tags":[],"class_list":["post-2263","post","type-post","status-publish","format-standard","hentry","category-phishing"],"_links":{"self":[{"href":"https:\/\/blogs.luc.edu\/uiso\/wp-json\/wp\/v2\/posts\/2263","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.luc.edu\/uiso\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.luc.edu\/uiso\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.luc.edu\/uiso\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.luc.edu\/uiso\/wp-json\/wp\/v2\/comments?post=2263"}],"version-history":[{"count":1,"href":"https:\/\/blogs.luc.edu\/uiso\/wp-json\/wp\/v2\/posts\/2263\/revisions"}],"predecessor-version":[{"id":2264,"href":"https:\/\/blogs.luc.edu\/uiso\/wp-json\/wp\/v2\/posts\/2263\/revisions\/2264"}],"wp:attachment":[{"href":"https:\/\/blogs.luc.edu\/uiso\/wp-json\/wp\/v2\/media?parent=2263"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.luc.edu\/uiso\/wp-json\/wp\/v2\/categories?post=2263"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.luc.edu\/uiso\/wp-json\/wp\/v2\/tags?post=2263"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}