#  Phishing simulation of the month: November 2024 

 





December 11, 2024

 

 

The Information Security and Data Privacy (ISDP) office sends monthly [simulated phishing emails](https://huit.harvard.edu/news/phishing-simulation-program-central-administration-staff) to staff in Central Administration, FAS, and some Schools. This program provides members of the community with experience identifying and reporting phishing emails in a safe environment, in addition to gathering valuable metrics to help improve our security services. These simulated emails are based on real phishing attempts seen at the University.

After each email is sent, we’ll break down the key characteristics of the phishing attempt so that you know what to look for in future. November's simulation falsely claimed to be from "American Airlines" in an attempt to get you to click on a link to get deals on flights.

   ![Screenshot of the simulated phishing email pretending to be from American Airlines](/sites/g/files/omnuum10811/files/styles/hwp_1_1__720x720_scale/public/2025-08/aanovphishimage%20%281%29.png?itok=xaZDXOlX) 

 

## **What you were asked to do:**

Click the link in the email to find flights for the holidays.

## **What to watch for:** 

The following clues revealed that something was phishy about this email:

- **Time sensitivity:**  Instills a sense of urgency which can be a sign that something is off
- **Too good to be true:** Prompts you to complete a request to gain something valuable
- **Bad address:** Sender address doesn’t match the display name, the domain isn’t American Airlines

## **Want more information on phishing?** 

[Visit our website](https://security.harvard.edu/click-wisely) to learn more about phishing, what to watch for, and how to report a suspected phish.