Carnegie Mellon University
Spot it. Report it.
Catch the Golden Phish

Calling all seekers! Are you ready to go phishin’ for prizes? This October, get ready to catch and report our simulated "golden phish" email message in your inbox for a chance to win exclusive prizes!

Throughout the month of October, the Information Security Office (ISO) will randomly send every undergraduate student at Carnegie Melon University one simulated phishing email message based on a real-world phishing attack.

How to Enter?
To enter, all you need to do is spot our sneaky phish and report it using the Phish Alarm button located in either Gmail or Exchange. Once you report the phish with Phish Alarm, you will receive a congratulatory message letting you know that you successfully caught the golden phish and will be automatically entered to win a prize. 

The simulated phish must be reported with the Phish Alarm button.

What can I win?

(1) Grand Prize: ISO Cyber Prize Pack that includes a $50 CMU Book store gift card, Yubikey 5 NFC Authenticator, Phish Seeker Champion t-shirt, stickers, and much more!

(25) additional winners: Limited edition ISO Phish Seeker t-shirt

Alternative prize options will be available for students in Qatar and Rwanda. 

All winners will be announced during the 1st week of November.

What is Phishing?
Phishing is a fraudulent malicious email attempt to obtain sensitive information such as passwords or credit card numbers by disguising as a trustworthy person or organization.
Red flags of a phishing email:

  • Conveys a sense of urgency
  • The email address does not match the display name
  • Includes a call to action such as clicking on a link or opening an attachment
  • Contains a generic greeting or odd signature
View an Example of Phishing

What is Phish Alarm?
Phish Alarm is a mail add-in that allows you to easily report a potential phishing email. With the click of the Phish Alarm button, the suspicious email will be moved from your inbox to your junk folder and forwarded to the Information Security Office for analysis. Learn how to use Phish Alarm for Gmail and Exchange.

Contact iso@andrew.cmu.edu for any questions.