Cybersecurity Awareness Update: Reporting Suspicious Emails Matters
The results from our latest simulated phishing campaign show that we're making progress in recognizing phishing attempts, but they also remind us of one important step that often gets overlooked: reporting suspicious emails. These exercises aren’t about catching employees making mistakes. They’re a way for all of us to practice recognizing threats, strengthen our cybersecurity awareness, and stay prepared for real-world threats.
Recent Campaign Results:
3,060 simulated phish emails delivered
228 employees click and interacted with the message
8 employees entered data into the phishing simulation
207 employees reported the message using the Phish Alert Button (PAB)
As part of our ongoing cybersecurity awareness efforts, employees who interacted with the simulated phishing email were enrolled in a KnowBe4 refresher training to help sharpen their ability to recognize and respond to phishing attempts.
Comparison to Our Previous Campaign
Metric
Simulated Phish Delivered
Clicked & Interacted
Entered Data
Reported via Phish Alert Button
Previous Month
3,023
258
12
235
Current Month
3,060
228
8
207
Change
+37
-30 (-11.6%)
-4 (-33.3%)
-28 (-11.9%)
The latest results above show that we're making progress. Compared to our previous campaign, fewer employees interacted with the simulated phishing email, and fewer entered information after clicking. That's a positive sign that cybersecurity awareness is improving and that more employees are spotting phishing attempts before they become a problem.
Don’t Just Spot It – Report It
While it's encouraging to see fewer employees clicking on phishing emails or entering information, one area still needs attention: reporting suspicious emails.
This month, 3,060 employees received the simulated phishing email. While only 228 interacted with it, just 207 employees used the Phish Alert Button to report it. In other words, more than 2,800 recipients potentially recognized the email was suspicious, or at least chose not to engage with it, but did not report it.
This highlights an important point: cybersecurity success isn't just about avoiding a phishing email. It's also about helping the college identify and respond to potential threats.
When suspicious emails are simply deleted, ignored, or left sitting in an inbox, our Security Operations Center (SOC) loses valuable visibility into what may be targeting FSCJ. A single report can help us investigate a threat, identify other affected users, and take action to protect the college.
If an email looks suspicious, don't just ignore it, use the Phish Alert Button. Reporting suspicious emails gives our SOC team the information they need to analyze potential threats and helps make our entire college community safer.
In a real-world phishing attack, reporting a suspicious email does more than protect your inbox, it helps protect the entire college. Even a single report can help our SOC team:
Identify phishing campaigns targeting our college
Determine who else may have received the message
Remove dangerous emails before they can cause harm
Track emerging threats and attack patterns
Strengthen our security measures across the college
Don’t Just Delete or Ignore It – Report It
If you receive an email that looks suspicious:
Don't click on links or open unexpected attachments.
Don't reply to the sender. Don’t forward the message.
Use the Phish Alert Button to report the message.
Even if you're confident an email is a phishing attempt, reporting it is one of the most important actions you can take. Every report gives our SOC team valuable information that helps us investigate potential threats, identify broader phishing campaigns, and protect our college.
Cybersecurity isn't just the responsibility of the IT department, it's something we all contribute to. Taking a few seconds to report a suspicious email helps protect our faculty, staff, students, and institutional data from cyber threats.
Thank you for staying vigilant and helping keep our Manta Ray Nation secure.
