Email messages, like art, can be forged and the use of generative artificial intelligence (AI) makes it easier for bad actors to produce fakes that appear more professional and personalized. 

To help Cornell employees grow their forgery detection skills, the Cornell IT Security Office developed simulation training that closely mirrors recent phishing attacks. These simulations send a simulated phishing message to the email address of each Cornell faculty, staff, researcher, and other employees once every three months. 

Successful reporting of that message via the PhishAlarm report button results in a popup congratulations note. There is no punitive action for clicking links in a phishing simulation, but each response provides information to the IT Security Office about which attacks are most likely to be successful.

“Based on the results of our first year of simulations, Cornell employees now more easily recognize and report suspicious emails,” said Bobby Edamala, Cornell's Chief Information Security Officer. 

“We can use those details to improve the technical controls that block many fraudulent messages. But no matter how strong we build the university’s external defenses, these controls are circumvented when a community member is tricked into giving up their credentials or other information.”

Report any suspicious email activity using the PhishAlarm button in Cornell Outlook or Gmail.