Between October 26 and November 2, 2025, KAUST Information Security conducted a targeted phishing simulation themed around an “Urgent Zoom Meeting” invitation.
The simulated email included links to view the invitation and guest list, urging recipients to act quickly before the invitation “expired” within 30 minutes — a classic example of how attackers use urgency to trigger quick clicks.
While it may have looked convincing, several warning signs revealed it wasn’t legitimate.
These simulations are part of our ongoing effort to help our community recognize evolving phishing tactics and avoid falling for future simulations or real-world attacks.
By staying alert and verifying before clicking, we can better protect ourselves and the organization from cyber threats.
📌 Note: If you’ve clicked links in multiple recent simulations, you’ll be automatically assigned a short online refresher training. Please complete it promptly to stay informed and better protected.
Indicators of phish
Check the different indicators of the Phishing email in the infographic below.
🔎 Think before you click! Report suspicious emails!
Don’t just delete — Report it!
If you suspect an email might be phishing (whether real or simulated), report it immediately.
🚨Why it matters
Reporting helps the Information Security team detect and block threats early, protecting not only your account but the entire KAUST community.
Every report strengthens our collective defenses and keeps our digital environment safer for everyone.
👉 How to report phishing:
- Outlook: Click the “Report Phishing” icon
- Gmail: Use the envelope with a fishing hook icon.
📧 Other Cyber incidents or breaches → cyberincidents@kaust.edu.sa
💬 For questions or guidance → askinfosec@kaust.edu.sa
INFORMATION SECURITY