The University of California Santa Cruz in the US has recently apologized to its community for a phishing email intended to spread awareness of scams. Instead, it incited panic within the university.
An excerpt from the email uploaded to the university’s Reddit community page by user ‘Carbinkisgod’ shows an email with the subject “Emergency Notification: Ebola Virus Case on Campus.”
One part of the email reads:
“We regret to inform you that a member of our staff, who recently returned from South Africa, has tested positive for the Ebola virus. The infection was detected during testing conducted in our university laboratory.”
The email is sent from a strange-looking address, not seemingly associated with the university.
The Redditor asked the community, “Is this a scam?” Many Redditors agreed that something didn’t seem right.
“Given that it’s not from an @ UCSC dot edu account, it seems fishy. And here I was about to cross this one off my 2024 UCSC bingo card,” one user said.
Another Reddit sleuth investigated the details surrounding the email and confirmed that it was, in fact, malicious, but not in the way you might expect.
The Reddit user said that they checked the last part of the email in which the suspicious message was sent and was redirected to a website which displayed the following message:
Hi! This website belongs to Proofpoint Security Awareness Training. This domain is used to teach employees how to recognize and avoid phishing attacks. This page is here to let you know that this is not a malicious web page. The email that led you here was likely sent by your employer as part of a training program. If you have questions, you can contact your employer's IT help desk. If you still have questions you can contact us.
“If you don't believe me Google this part of the email address: corpbenefitplan.com”
Sure enough when Googling this address this very message popped up, showing that it’s not a malicious website and is infact part of a test intending to train users on how to respond to a phishing email.
The University of California Santa Cruz has it’s own website dedicated to raising awareness surrounding phishing scams called ‘The Phish Bowl’ which details the various scams spreading around campus.
On the list is the very phishing email regarding the supposed Ebola outbreak. The text bellow it reads:
“This is a simulated phishing campaign designed to educate the campus community on current phishing email tactics. The purpose of this campaign is education and awareness. Treat these simulated phishing emails as you would a real phishing attempt.”
However, according to media outlets like The Register and TechRadar this phishing email wasn’t as affective as the university may have initially thought.
This message then prompted an apology which the same Reddit user uploaded to the university’s subReddit.
The email, sent by Brian Hall, the Chief Information Security Officer at the university, said that the email was sent out on the 18th of August, 2024, posing as an official alert warning the community of an alleged Ebola outbreak on campus.
“The email content was not real and inappropriate as it caused unnecessary panic, potentially undermining trust in public health messaging. We sincerely apologize for this oversight.”
Hall continued by saying that these “attacks” are meant to spread awareness about phishing scams so that students, faculty, and staff can recognize and avoid these types of schemes.
However, on this occasion, the simulation “caused concern and inadvertently perpetuated harmful information about South Africa.”
Your email address will not be published. Required fields are markedmarked