During Ramadan, between March 18 and 25, 2025, the KAUST Information Security Department conducted a targeted phishing simulation themed around a Free Iftar Invitation.
Unlike previous simulations, this campaign included a link leading to a Data Entry form requesting users to enter their email addresses to receive “free tickets.” While it may have seemed convincing at first glance, there were several clear indicators that the email was not legitimate.
Even seemingly harmless information can be misused in real attacks — Data Entry phishing is designed to build trust and collect details that can lead to further compromise.
These simulations are designed to raise awareness and help our community recognize evolving phishing tactics. By staying alert and learning to spot suspicious signs, we can better protect ourselves and the organization from real-world cyber threats.
📌 If you’ve clicked on links in multiple recent simulations, you’ll be assigned a short online refresher training. It’s important to complete it as soon as possible to stay informed and better protected.
Indicators of phish
Check the different indicators of the phishing email in the infographic below.
Think Before You Click. Report Suspicious Emails!
Don’t Just Delete — Report It!
If you ever suspect an email might be phishing, report it immediately.
Reporting helps the Information Security team quickly detect and block threats, reducing the risk of data breaches. It protects not only your account but also strengthens our defenses across the organization.
Every report counts — it improves our ability to respond to threats keeping our digital environment safer for everyone.
Use your email platform’s “Report Phishing” button to alert us
For Outlook users, the icon with the “Fish”
For Gmail users, the icon with the “Envelope hanging from a fishing hook”
Or simply forward the suspicious email to: phishreporter@kaust.edu.sa
For any queries, feel free to reach out to the Information Security Department at askinfosec@kaust.edu.sa
