VU community reminded that when in doubt, report suspected phishing


VUIT Information Security continues to see phishing campaigns that target the Vanderbilt community. The start of the academic year and return of students to campus likely means an increase in attacks. The groups that attack the university are aware of the increased traffic and number of new accounts, making it a prime time for malicious actors to capitalize on the flurry of activity.


VUIT’s goal is to increase the VU community’s ability to identify, report and avoid phishing scams while increasing technical controls and response in the background.


If you receive a suspicious email, the best way to report it to VUIT for review is by one of two methods:


Outlook toolbar report phishing



  1. In the Outlook email client, use the “Report Message” button and select phishing.

  2. If not using Outlook, or if the button is not available, send the phishing email (as an attachment) to phishing@vanderbilt.edu.


Oops! Clicked a link (or entered credentials) in a phishing email? Take these immediate actions:



  • Reset your VU e-password and personal passwords. Change your e-password by navigating to it.vanderbilt.edu and clicking on “Change My Password.”

  • Contact the VUIT Tech Hub for an anti-virus scan by calling 615-343-9999 or via any of the contact methods found at it.vanderbilt.edu.


Need practice identifying a phishing email? Phishing simulation emails coming soon


Business email compromise is the No. 1 entry point for malicious actors, so it’s important to continue to educate the Vanderbilt community on potential risks. Phishing simulations allow the institution to send out an email to users with the characteristics of a phishing attempt. If a user falls for the email phishing simulation, they will be notified along with information on how to identify suspicious emails in the future. The simulations should not cause any disruptions to normal work activities.