Genuine email phishing scam or IT phishing simulation?
From time to time, our Cyber Security Team runs email phishing simulations that replicate real-life phishing scams. Some of these simulations are easy to spot, while others are deliberately more subtle.
These exercises bring several important benefits to the Trust, including:
Reducing security risks by helping us identify and address vulnerabilities related to social engineering attacks.
Raising awareness among staff about how attackers design convincing, genuine-looking emails to deceive recipients.
Creating a safer workplace, as the lessons learned extend beyond the office and can help protect staff in their personal digital lives too.
In our most recent phishing simulation, 14% of staff clicked on the simulated link—a reminder that even cautious users can be caught out by a well-crafted email. Those affected will ironically receive an email invitation to complete some online training designed to help recognise and avoid phishing attempts. Phishing Training Email - 'You have training(s) to complete'
Remember: stay vigilant. Always question unexpected or unusual emails if in doubt, get it checked out, using this form: Suspicious Email
Be Honest if You’ve Entered Your Details
If you think you’ve fallen for a phishing scam and entered your login details — please be honest and tell us straight away.
There’s no blame for reporting it. Mistakes happen, but it’s vital that we know as soon as possible so we can:
• Secure your account
• Prevent further compromise
• Protect Trust data and systems
If you only report that you received a suspicious email without mentioning that you entered your details, we may not realise your account has been compromised — and that puts both you and the Trust’s data at risk.
What to do:
1. Report the email using the Report Phishing button (if available).
2. Contact the IT Service Desk immediately and let them know you entered your login details.
Your honesty and quick reporting help protect everyone.