Internal Phishing Program

In order to raise awareness about phishing attacks, their consequences, and how to avoid becoming a victim, we will be launching an internal phishing campaign service starting in 2020. Here's how it will work:

• The Office of Information Security will work with department leadership and CSRs across campus to send a random sample of employees a test phishing email that simulates the kinds of emails being used by real criminals.
• Employees who receive suspicious emails should forward them as an attachment to phishing@byu.edu (whether or not they think it is part of the test).
• Employees who fall for one of the test phishing emails will see a message which will include ways they can identify phishing emails in the future and they may be asked to take phishing training online.

Note: Internal phishing campaigns are learning exercises only and employees will not be punished for falling for one of the simulated phish tests. All employees are strongly encouraged to treat suspicious emails as potentially dangerous. Although the test emails are not malicious, real phishing attacks are a threat to our university community. We can help each other by reporting suspicious email messages to phishing@byu.edu. Check our phishing page or the Phish Bowl for more information. Once our internal phishing campaigns are in motion, please return to this page often for campaign updates and tips for specific phishing attempts.