Skip to main content

Cornell University

Latest News

a fish uses its stripes as camoflauge.

Cybercriminals continue to target universities with email messages designed to steal credentials, financial information, and sensitive data. While Cornell's security systems help block many attacks, every member of the community plays an important role in identifying suspicious messages before they cause harm.

That's why Cornell conducts periodic phishing simulations—to help employees recognize increasingly sophisticated scams and practice safe responses in a realistic environment.

A Small "Thank you," A Big Win

During the summer phishing simulation, participants who correctly identify the message and use Outlook's Report Phishing option will receive a congratulatory message confirming their success.

The "Thank you for reporting a phish!" pop-up may seem simple, but it represents an important cybersecurity habit in action. Rather than simply deleting a suspicious message or reporting it as spam, using the Report Phishing button helps security teams understand what users are seeing while reinforcing the behavior that helps protect both personal and institutional information.

Using Outlook’s built-in phishing reporting tool is an important contributor to keeping the security team informed during real-world attacks. Repeated practice through simulations helps make that response automatic, reducing the chance that a genuine phishing attempt will succeed.

Choose the Best Reporting Option

If a message appears suspicious, use Report Phishing in Outlook rather than Report Spam/Junk.

Outlook’s built-in phishing reporting tool is specifically designed to identify potentially malicious messages and supports Cornell's cybersecurity monitoring and response efforts. During phishing simulations, selecting Report Phishing is also the action that triggers the positive confirmation message.

Building Confidence Through Practice

Cornell's phishing simulations are not intended to trick employees. They're designed to build confidence and strengthen habits that help people respond effectively when a genuine threat arrives.

Every correctly reported simulation is evidence that the Cornell community is developing the awareness and skills needed to protect university data, research, finances, and accounts.

So if you see the " Thank you for reporting a phish! " message during the July simulation, take a moment to celebrate. You've successfully recognized a potential threat and practiced one of the most important actions in cybersecurity: reporting it.


Tags

Comments?

To share feedback about this page or request support, log in with your NetID

At Cornell we value your privacy. To view
our university's privacy practices, including
information use and third parties, visit University Privacy.