TLDR:
- The University of California Santa Cruz conducted a phishing test based on a fake Ebola scare, causing panic among students and staff.
- The test was meant to raise awareness about phishing but backfired, prompting an apology from the university.
University of California Santa Cruz (UCSC) students were shocked to receive an email warning about a staff member infected with the Ebola virus, which turned out to be a phishing exercise. The email, titled “Emergency Notification: Ebola Virus Case on Campus,” caused panic among the university community on August 18. Despite intentions to raise awareness about phishing, the message led to unnecessary panic and a loss of trust in public health messaging.
Following the incident, Brian Hall, the chief information security officer for UCSC, sent out an apology to the university community. The university realized the harm caused by the simulation and is working to prevent such incidents from happening again. However, the phishing test served as a reminder of the importance of cybersecurity training and the need to prioritize accurate training methods.
Simulated phishing attacks, when not carefully executed, can lead to distrust and friction between employees and security teams. Moving forward, it is essential to focus on accurate training methods and proper handling of phishing threats to strengthen overall security protocols.
Despite the embarrassment caused by the fake Ebola scare phishing test, UCSC remains committed to protecting students, faculty, and staff from online threats. Regular cybersecurity training and simulated phishing campaigns are used to educate the university community on how to recognize and handle suspicious emails.