The worst security test ever? University slammed over fake Ebola scare as phishing test

Phishing
(Image credit: Pixabay/Tumisu)

A California University has come under fire for sending out a phishing test which cautioned all its students about a (false) Ebola outbreak.

The University of California Santa Cruz (UCSC) sent out an email titled ‘ Emergency Notification: Ebola Virus Case on Campus’ to all students, which understandably caused widespread concern.

The email, which has since been retracted, warned that a staff member had recently returned from South Africa, and had tested positive for the Ebola virus. Students were then encouraged to log into an information page for more details, which is where the phishing test was revealed.

Phishing test gone wrong

Phishing test email sent by UCSC

The email sent to UCSC students and faculty (Image credit: Via Reddit user Carbinkisgod)

The University has since apologized for the ‘inappropriate’ content of the email, which it said was not real and, "inappropriate as it caused unnecessary panic, potentially undermining trust in public health messaging."

"We sincerely apologize for this oversight."

Rushing a victim into action is a common tactic used in phishing scams, and comments made by UCSC students and staff reveal the message did just that.

“I was walking when I got the email and freaked out because it would have been a very serious health situation!! Like the last thing on my mind is my online security when I think my colleagues might have been exposed to EBOLA.” user SneakyTurtleGin said on the University's Reddit community.

Others in the thread were not so moved, calling the test an ‘obvious scam’, noting the sender email address and the inclusion of a link in the email. Despite the signs, many agreed the topic of the test was inappropriate.

It’s important to note South Africa has not had an Ebola case since 1996, and there are currently zero reported cases of the disease in the US.

The University admitted that the nature of the simulation may have ‘inadvertently perpetuated harmful information about South Africa’ but insisted the test was part of attempts to strengthen security.

Via The Register

More from TechRadar Pro

Ellen Jennings-Trace
Staff Writer

Ellen has been writing for almost four years, with a focus on post-COVID policy whilst studying for BA Politics and International Relations at the University of Cardiff, followed by an MA in Political Communication. Before joining TechRadar Pro as a Junior Writer, she worked for Future Publishing’s MVC content team, working with merchants and retailers to upload content.