Starting this fall, IT Services will send randomized spam and phishing emails to students to increase awareness of cybersecurity's best practices. If students click a link in the email, they will be sent to a training page that briefly educates them on how to better recognize suspicious emails. 

IT Services uses KnowBe4, a security awareness platform that specializes in simulated phishing email to better educate and inform the campus community of potential threats. Faculty and staff have received these educational phishing emails from KnowBe4 since April 2021.

"We are trying to help people get better at recognizing the tricks malicious actors use in email," said Stephen Tycer, chief information security officer. "Students will not get in trouble if they click the wrong thing, but they will have an opportunity to learn a bit more about phishing." 

Phishing is the process of attempting to acquire sensitive information such as usernames, passwords, personal information or other university data by tricking the recipient to download an attachment by masquerading as a trustworthy entity. Learn more about phishing.

"Other types of phishing may want business, research or trade information and may target research assistants who may unknowingly divulge important information about what they are working on," said Ruth Parcells, IT governance, risk and compliance specialist.

Students should also be aware of recruitment phishing scams that advertise job offers for the student's major, as well as scams that say your boss needs you to do something right away, such as buy gift cards or change some type of payment method.

What should I do when I receive a phishing scam? 

Use the" Report Message" button in Outlook if you have received a phishing email. 

The button is included with Outlook on the web, Outlook for iOS and Android, and compatible versions of the Outlook desktop email client.  

1. Select the suspicious or junk message and click the "Report Message" button in Outlook. 

2. Select "Phishing" to ensure the suspicious email is reported to the university's IT security team and deleted properly.

Securing our campus community is an ongoing concern as cybercriminals continue to evolve their efforts. In this era of persistent cyber threats, our university can be secure only with the active participation of everyone. Simple steps like avoiding and reporting suspicious email messages can go a long way toward protecting our campus community. To learn more, visit the Cybersecurity Checklist.  

Contact the IT Help Desk at help.uark.edu or 479-575-HELP with any questions or concerns.