Students Learn How to Recognize Scams Through Simulated Phishing Campaign

Art Miller

Use the Report Message button in Outlook if you have received a phishing email.

IT Services has sent randomized spam and phishing emails to students twice a month this semester to increase awareness of cybersecurity's best practices. Students have clicked on approximately 10 percent of the phishing attempts. When students click a link in the email, they are sent to a training page that briefly educates them on how to better recognize suspicious emails. 

"We are trying to help students get better at recognizing the tricks malicious actors use in email, and our objective is for students as a whole to click less than 5 percent of the time," Stephen Tycer, chief information security officer, said. "Students will not get in trouble if they click the wrong thing, but they will have an opportunity to learn a bit more about phishing." 

Phishing is the process of attempting to acquire sensitive information such as usernames, passwords, personal information or other university data by tricking the recipient to download an attachment by masquerading as a trustworthy entity. Learn more about phishing.

Phishing attempts require you to click a link or open an attachment. For example: 

• You will lose access to your account.
• You must confirm personal information or pay an invoice.
• You are eligible for a coupon or gift card.
• You urgently need to respond to a request, question or threat.
• Your family member needs help.

"Other types of phishing may want business, research or trade information and may target research assistants who may unknowingly divulge important information about what they are working on," said Ruth Parcells, IT governance, risk and compliance specialist.

Students should also be aware of recruitment phishing scams that advertise job offers for the student's major, as well as scams that say your boss needs you to do something right away, such as buy gift cards or change some type of payment method.

What should I do when I receive a phishing scam? 

Use the" Report Message" button in Outlook if you have received a phishing email. 

The button is included with Outlook on the web, Outlook for iOS and Android and compatible versions of the Outlook desktop email client.  

1. Select the suspicious or junk message and click the "Report Message" button in Outlook. 

2. Select "Phishing" to ensure the suspicious email is reported to the university's IT security team and deleted properly.

Securing our campus community is an ongoing concern as cybercriminals continue to evolve their efforts. In this era of persistent cyber threats, our university can be secure only with the active participation of everyone. Simple steps like avoiding and reporting suspicious email messages can go a long way toward protecting our campus community. To learn more, visit the Cybersecurity Checklist.  

IT Services uses KnowBe4, a security awareness platform that specializes in simulated phishing email to better educate and inform the campus community of potential threats. Faculty and staff have received these educational phishing emails from KnowBe4 since April 2021.

Contact the IT Help Desk at help.uark.edu or 479-575-HELP with any questions or concerns.