Between September 3 & 10, 2025, the KAUST Information Security Department conducted a targeted phishing simulation, themed around Boosting your productivity with Microsoft 365 Copilot.
This simulation email included links encouraging users to click and explore how to use new Microsoft Copilot features in Outlook and PowerPoint. While it may have seemed convincing at first glance, there were several indicators to watch out for if the email is not legitimate.
These simulations are designed to raise awareness and help our community recognize evolving phishing tactics. By staying alert and learning to spot suspicious signs, we can better protect both ourselves and the organization from real-world cyber threats.
📌 If you’ve clicked on links in multiple recent simulations, you’ll be assigned a short online refresher training. It’s important to complete it as soon as possible to stay informed and better protected.
Indicators of phish
Check the different indicators of the Phishing email in the infographic below.
Think before you click. Report suspicious emails!
Don’t just delete—Report it!
If you ever suspect an email might be phishing, please report it immediately.
Reporting helps the Information Security team quickly detect and block threats, reducing the risk of data breaches. It protects not only your account but also strengthens our defenses across the organization.
Every report counts — it improves our ability to respond to threats, keeping our digital environment safer for everyone.
👉 Use your email platform’s “Report Phishing” button to alert us.
For Outlook users, the icon with the “Fish”
For Gmail users, the icon with the “Envelope hanging from a fishing hook”
For any queries, feel free to reach out to the Information Security Department at askinfosec@kaust.edu.sa
