VUIT to conduct phishing simulation exercises

VUIT Information Security continues to see phishing campaigns targeting the VU community. As part of ongoing efforts to improve information security practices at Vanderbilt, VUIT will operationalize regular phishing simulation exercises for all faculty and staff on a quarterly basis. The goal is to gauge the university community’s ability to identify, report and avoid phishing scams, and the results will help VUIT plan community engagement and targeted training opportunities.

Business email compromise is the No. 1 entry point for malicious actors, so it is important to continue to educate the Vanderbilt community on potential risks. Phishing simulations include sending out an email to users with the characteristics of a phishing attempt. If a user falls for the email phishing simulation, they will get a notification along with information on how to identify suspicious emails in the future. The simulations should not cause any disruptions to normal work activities.

If you receive a suspicious email, the best way to report it to VUIT for review is by one of two methods:

VUIT report phishing in Outlook

  1. Using the Outlook email client, use the “Report Message” button and select phishing.
  2. If not using Outlook or the button is not available, send the phishing email (as an attachment) to

Clicked a link (or entered credentials) in a phishing email? Take these actions:

  • Reset your VU e-password and personal passwords. Change your e-password by navigating to and clicking on “Change My Password.”
  • Contact VUIT Support for an anti-virus scan by calling 615-343-9999 or via any of the contact methods found at