Phishing Awareness
Phishing Awareness
Phishing remains a significant threat to our digital privacy and data security. Although our security tools successfully block most phishing emails each month, a few may still slip through to your inbox.
You are our strongest line of defense against these threats.
About the Phishing Simulation Program
When it comes to spotting phishing emails, practice is important. Our simulated phishing awareness and reporting exercises are designed to give the Harvard community experience in recognizing and reporting phishing messages to help keep you and our community safe. We do this so when real phish show up in your inbox, you’ll know exactly what to do.
These exercises will:
- Deliver simulated phish based on actual phishing attempts found at the University
- Give our community experience in identifying and reporting phishing emails
- Reward consistent reporters
- Provide an evidence-based understanding of our community’s phishing risks
These exercises will not:
- Send “gotcha” emails using messages more sophisticated than we typically receive.
- Directly impersonate Harvard departments or services.
- Report the identities of those who click.
- Assign mandatory training or take punitive action against those who click.
What to expect
Email users should expect to receive a simulated phish once per month. Like any suspected phishing message, it should be reported using the "Report" phishing button in your Outlook toolbar or by forwarding to phishing@harvard.edu. You will be notified that the phish was a simulation.
If you miss it and accidentally click, you’ll see a page that reassures you it’s just practice and highlights the warning signs to watch out for next time. Close that page and continue to report the email. After all, it’s good practice. Visit the Prevent Phishing page for more tips and information on how to recognize phishing.