The purpose of simulated phishing campaigns and awareness efforts is to prepare, protect, and educate the WPI community. The simulations, deployed in a safe practice environment, test whether users identify or fall victim to a fake phishing email. Additionally, the effort will provide training on how to recognize, avoid, and report phishing attacks in order to protect faculty and staff, their departments, and the campus from cyberthreats.


The current scope includes all university employees. Students will participate at a later date.  The exercise itself will not damage any data or computers.


If you do fall for this phishing exercise, you'll be directed to resources to help recognize phishing attempts.

Action Needed

If you receive a suspicious email, please forward it as an attachment to phishing@wpi.edu or use the Outlook Report Message button, then delete the message.  Complete details are in Report Phishing (Related Article). If you have questions or concerns about phishing, you are welcome to contact Information Security using the Request Help button on this page.


Educational resources about phishing are available.

WPI Hub  

Information Security offers Secure Computing Articles, including resources on phishing. Several are highlighted in Articles. View Information Security Site (Actions) gets you to the whole list! 

WPI Learning Academy

Information Security modules about phishing and ransomware are in the WPI Learning Academy