Between January 26 and 30, 2025, the KAUST Information Security Department carried out a click-based phishing campaign by sending an email simulating a Microsoft Teams invitation.
This email is a bit different from previous phishing simulations as it included what seemed to be an invitation to join a KAUST “internal” team in Microsoft Teams. Still, several indicators can be used to identify that it was not a legitimate email!
The intention of these phishing simulations is to keep our users and organization vigilant to potential phishing attacks and the different techniques used by attackers, to protect our users from potential real attacks.
Indicators of phish
Check the different indicators of the phishing email in the infographic below.
Always be sure to STOP and THINK before you act and re-read emails before clicking on links or downloading and opening attachments.
Please report any suspicious emails
We want to emphasize the importance of REPORTING any emails that you suspect might be phishing.
By reporting suspicious emails, you help the information security team detect and block phishing attempts, preventing potential data breaches. Your report not only safeguards your account but also strengthens the organization’s defenses, reducing the risk for others. Every report contributes to improving threat detection and response, making the digital environment safer for everyone.
If something looks suspicious, report it to the Information Security Office by clicking the Report Phishing button on your platform.
For Outlook users, the icon with the “fish”
For Gmail users, the icon with the “envelope hanging from a fishing hook”
Or simply forward the suspicious email to: phishreporter@kaust.edu.sa
For any queries, feel free to reach out to the Information Security Department at askinfosec@kaust.edu.sa.