Phishing Program Updates

By DoIT Communications

SBU Security Training and Awareness Working Group

Date Released: 8/31/2022

Cybersecurity Advisory 


Welcome back to another academic year at Stony Brook University. We would like to take this time to update the campus community on how we plan to conduct internal phishing exercises. Periodically we send out emails to the campus community that are based on real-world phishing attacks as a way to continually educate, as well as assess our cyber security readiness as a whole. Those results are never shared beyond a small group that is responsible for improving security awareness training efforts. Based on valuable feedback from the campus community throughout the latest iteration of our education efforts, we will make the following adjustments to the program.   


In October (Cyber Security Awareness Month) we will send a separate announcement for the phishing campaign that we will launch. The phishing exercises will be sent out once a week, increasing in difficulty each week. In addition to this campaign, each quarter we will continue to send phishing emails based on real-world attacks without prior notification. In response to community feedback, we will avoid using templates that attackers use to intentionally elicit an emotional response (e.g., you have been hacked scams). Instead, we will send out threat alert notices about such emails in a format that clearly states they are phishing; annotations will show all of the red flags that can be used to identify real attacks that use similar tactics.  


We continue to send these messages out to the campus community because such attacks are an everyday occurrence, and this valuable method serves to reinforce our security awareness training and educate the campus on common, real-world attacks. People, not technology, continue to be a favorite target for cyber attacks. 


We appreciate your continued support and feedback as we strive to keep the campus community well prepared to deal with the everchanging modern threats of today.


Thank you all and stay safe, 

SBU Security Training and Awareness Working Group