Phishing Awareness

 

 

About the Phishing Simulation Program

When it comes to spotting Phishing emails, practice is important.  The purpose of our Phishing Simulation exercises is to give the RPI Community experience in recognizing and reporting Phishing messages.

Our email protection system and AI Security Analyst PhishStick successfully blocks and remediates most Phishing emails, however, as Phishing and Social Engineering tactics are consistently evolving by bad actors, there will always be a chance that a few Phishing emails could slip through to your Inbox.  We do these Phishing simulations so when real Phish show up in your inbox, you'll know exactly what to do. 

These exercises will: 

  • Deliver simulated Phish based on actual Phishing attempts and tactics that RPI experience such as:
    • Click Phishing (Simulated malicious URL)
    • Credential Phishing
    • Vendor Email Compromise (ex. Microsoft, SharePoint, Eventbrite, etc.)
    • Business Email Compromise
  • Give our RPI Community experience in identifying and reporting Phish emails.
  • Provide an evidence-based understanding of our Community's Phishing risks.
     

What to expect 

Students, Faculty, and Staff should expect to receive one Phishing simulation per month.  For any potential Phishing or Scam message, our RPI Community should report the email using the "Report" Phishing button in Outlook, or forwarding the email to phishing@rpi.edu. You will be notified either way if the email was Phishing, Spam, Safe, or part of a Phishing simulation. 

Failing a Phishing Simulation

If a Client misses the key security signals and clicks or responds to a Phish exercise, you'll see a page that reassures that this is practice, highlighting the key security signals missed during the Phishing exercise, and what to watch out for next time.  Please complete the four question quiz, close that page and report the email.  Do not forward, report any potential Phishing emails.

 

2026 – May
 

This month's Phish was from 'Atlassian,' attempting to exploit trust by mimicking a document sharing workflow, and sense of urgency to click a malicious URL. 

   

References

ITSSC - Report Suspicious Message to Microsoft from Outlook using "Report Message" 

ITSSC - How do you know if you received a Phishing or Spoofing Email? 

ITSSC - Information Security Analyst - PhishStick 

Division of the Chief Information Officer

110 8th St. Troy, NY 12180

(518) 276-7777

Staff Directory

Get Help


IT Service and Support Center
Back to top