A California university has come under fire for sending out a phishing test warning all of its students about a (fake) Ebola outbreak.
The University of California, Santa Cruz (UCSC) sent an email titled “Emergency Notification: Ebola Virus Case on Campus” to all students, which understandably caused widespread concern.
The email, which has since been retracted, warned that a staff member had recently returned from South Africa and had tested positive for the Ebola virus. Students were then encouraged to log onto an information page for more details, where the phishing test was revealed.
Phishing test gone wrong
The University has since apologized for the “inappropriate” content of the email, which it said was not real and was “inappropriate because it caused unnecessary panic and potentially undermined confidence in public health messaging.”
“We sincerely apologize for this oversight.”
Pressuring the victim to act is a common tactic used in phishing scams, and comments made by UCSC students and staff reveal that the message did exactly that.
“I was walking when I got the email and I freaked out because it could have been a very serious health situation. The last thing on my mind is my online safety when I think that my colleagues could have been exposed to EBOLA,” said user SneakyTurtleGin on the university’s Reddit community.
Other thread participants were less moved, calling the test an “obvious scam,” referring to the sender's email address and the inclusion of a link in the email. Despite the signs, many agreed that the subject matter of the test was inappropriate.
It is important to note that South Africa has not had any cases of Ebola since 1996, and there are currently no reported cases of the disease in the US.
The university admitted the nature of the simulation may have “inadvertently perpetuated damaging information about South Africa” but insisted the test was part of efforts to strengthen security.
Through The Registry
