Phishing Simulation


'Oh no!  You've just clicked a fake email link or logged into a fake login page!'

OIT is developing a phishing simulation tool, intended to help educate CMU email users about the dangers, and what to watch out for, in phishing emails.  Our goal is to provide the corrective coaching "as submitting," or when people not only open and click the fake link in a fake, phishing email, but when they submit a login ID (Global ID) and password!  We do not collect or store the passwords, but note that something was submitted.

If you submit your Global ID and a password to a fake phishing email, you will be taken to a "landing page" something like the one above, which will inform you of the mistake, and hopefully, keep you from falling for phishing emails like that fake one, in the future.

We recommend you not even open emails you weren't expecting and from people you don't know, and just delete them.  Or if you think they're spam or phishing, forward them to and/or flag them as junk.  If you know the person and the request seems odd, ask them in person or via phone call or text message if they really sent and meant that.

Generally speaking: don't open them, don't click the links, but especially, don't submit your login credentials!  (Always check any link or form URL first, to make sure it's a link or form, by hovering over it to see where it goes or checking the title/location bar of your browser, if it's already open.)