Phishing Awareness at Stanford Expands
Phishing is the single greatest threat to our privacy and cybersecurity. Building on a successful 18-month pilot, beginning in May, the Information Security Office (ISO) will expand Stanford's Phishing Awareness Program to include all faculty and staff.
The program’s goal is to help the Stanford community learn to recognize malicious emails, thereby protecting themselves and the university.
“Phishing threats are continuously evolving and pose real risks to the university,” said Michael Timineri, ISO’s director of information security consulting. “This program helps us stay one step ahead by providing education and guidance to our community about how they can identify and avoid email-based threats.”
How it works
The program periodically sends an email to each participant that resembles a phishing message. It’s designed to create a safe, educational environment for a recipient to practice phishing email identification with no penalty to them, or their department, if a link is clicked. Individual results will never be reported.
A recipient who opens a link in one of these messages is redirected to an instructional webpage with guidance on how to identify similar malicious messages in the future.
If a recipient suspects that an email is phishing — whether a training example from this program or a real threat — the suspicious message should be forwarded to firstname.lastname@example.org, where the security team can take actions to block similar messages in the future.
The Phishing Awareness Program first launched in 2016 as a pilot that included 3,000 staff members. The program has been very well received primarily because of its "no harm, no foul" approach. The expansion to include all faculty and staff will increase the number of participants to about 15,000.
For more information about the program, visit the phishing page on the University IT website: https://phishing.stanford.edu