Anatomy of a Phish: January 2025 Phishing Simulation

In January 2025, we conducted another phishing test to evaluate our organization’s resilience against phishing attacks. This test provided valuable insights into our cybersecurity awareness. Out of 491 recipients, 26 failures occurred for the phishing attempt.

We are incredibly thankful to the 218 individuals who reported the phishing email. The first report came in just 55 minutes after the campaign was launched! Reporting phishing emails, even if you fail the test, is crucial for our institution’s cybersecurity. It allows us to quickly identify and mitigate potential threats, protecting our organization and its members from harm.

Below, we outline the key indicators from our test that everyone should be aware of:

Sense of Urgency: Phishing emails often create a sense of urgency to prompt immediate action. In our test, the email urged recipients to review attached documents promptly.

Hover Over Links: Always hover over links to check if the URL matches the site it claims to be. In our test, the email included attachments rather than links, but the principle remains the same for verifying authenticity.

Spelling/Grammar Errors: Watch out for spelling and grammatical mistakes. Although not shown in our test email, errors like these are common in phishing attempts.

Suspicious Sender Address: Even if the sender’s address appears to be from our organization, it could be spoofed. Always verify the sender’s email address carefully.

By staying alert and recognizing these red flags, we can better protect ourselves and our organization from phishing attacks. Remember, if something feels off, it’s always better to double-check before taking any action and please utilize the “Phish Alert Button”.