Phishing scams are designed to install malware, steal personal information, or invariably accomplish something that will not be in your best interests. However, these attacks are only successful when you participate by engaging in some overt action – executing an attachment, following a link, providing account or other personal information, etc. ITS maintains training materials on how to identify and deal with phishing messages, but we have received strong feedback that a more direct approach would be desirable. Faculty and staff will receive quarterly mock phishing messages, beginning this October, that mimic frequently seen attacks. If they click on a link in the message, they will navigate to a webpage that provides immediate feedback and additional information. ITS will not track or report on individual responses, but we will use aggregate results to better guide educational campaigns. ITS will communicate directly with all faculty and staff before the first messages are sent.