Campuswide Phishing Training Begins This Month

Primary tabs

Later this month, the group will conduct a campuswide phishing exercise to help educate students, faculty, and staff on cybersecurity risks and how to identify phishing threats in emails.

The exercise, which will take the form of a regular email, will contain a link to a non-Georgia Tech page that will ask you to enter your Georgia Tech login credentials. There will be apparent red flags in the email, though, that should raise suspicion and stop recipients from taking the proverbial bait. Anyone who enters a username and password on this fake page will be directed to an onscreen training page with tips on how to avoid a real threat.

“This is a non-punitive exercise, so information about individuals who provided their username and password will not be shared,” said Jason Belford, interim associate director for Georgia Tech Cyber Security. “We will review the results to help us refine our future training efforts. It is critical to conduct these continuous training exercises to help build and maintain awareness throughout the entire community.”

Georgia Tech Cyber Security has seen positive results when they have conducted similar exercises with individual departments and small groups of users on campus. In past exercises among those on campus who had not had phishing training, around 20 to 25 percent of people fell prey to the fake email. Following training, that percentage decreased to around 3 to 5. This month’s exercise, supported by the Office of the President, is the first campuswide phishing exercise and will be repeated every semester.

How big of a problem is phishing on campus? Last year, hundreds of accounts were compromised — a significant increase from previous years that has grown even larger this year. Belford notes that all notable hacks in recent years, such as those involving Target and The Home Depot, began with a phishing message.

While preventing all forms of phishing is not possible, one safeguard users can employ is to always check where the URL link in an email is pointing — before clicking. This can be done by hovering over the link before clicking, or by previewing the link if you use a smartphone. If the domain doesn’t match what you expect it to, that should be a giveaway. For more information, visit

Those on campus who think they have received a phishing message should forward it to, or just delete it. Forwarding such messages to Cyber Security helps the team use them to increase operational effectiveness as well as better understand current phishing trends.



  • Workflow Status:
  • Created By:
    Rachael Pocklington
  • Created:
  • Modified By:
    Fletcher Moore
  • Modified:

Target Audience

    No target audience selected.