Between September 17 & 24, 2025, the KAUST Information Security Department conducted a targeted phishing simulation, themed around Saudi National Day record-breaking fireworks and drone show.
This simulation email included links & QR code encouraging users to click & scan to register for the chance of being granted a VIP seat on a first-come, first-served basis. While it may seem intriguing at first glance, there were several indicators to watch out for to show if the email is not legitimate.
These simulations are designed to raise awareness and help our community recognize evolving phishing tactics. By staying alert and learning to spot suspicious signs, we can better protect both ourselves and the organization from real-world cyber threats.
📌 If you’ve clicked on links in multiple recent simulations, you’ll be assigned a short online refresher training. It’s important to complete it as soon as possible to stay informed and better protected.
Indicators of phish
Check the different indicators of the Phishing email in the infographic below.
Think Before You Click. Report Suspicious Emails!
Don’t just delete—Report it!
If you ever suspect an email might be phishing, please report it immediately.
Reporting helps the Information Security team quickly detect and block threats, reducing the risk of data breaches. It protects not only your account but also strengthens our defenses across the organization.
Every report counts — it improves our ability to respond to threats, keeping our digital environment safer for everyone.
👉 Use your email platform’s “Report Phishing” button to alert us.
For Outlook users, the icon with the “Fish”
For Gmail users, the icon with the “Envelope hanging from a fishing hook”
For any queries, feel free to reach out to the Information Security Department at askinfosec@kaust.edu.sa