INFO: MGB Phishing Training Program Overview

Phishing emails are one of Mass General Brigham’s biggest threats. To combat them, Information Security regularly sends simulated phishing emails to test your ability to spot and report potentially harmful messages. You won’t know when they are coming, so always be alert.

What happens if I fall for a simulated phishing email?

If you fall for a simulated phish, a popup window lets you know the email is a part of the MGB phishing training program. It includes an image of the email and the “red flags” that you should look out for next time (see below).

MGB Phishing Training

You may also receive a follow up email that assigns a 3 min training sent from (see below).

Trainings are in the MGB Microsoft Defender Portal. You can complete your assignment any time before the due date (see below).

A screenshot of a computerDescription automatically generated

The trainings are interactive and informative (see below).

A computer screen shot of a person sitting at a computerDescription automatically generated

Training assignment reminders are sent via email until the course is complete (see below).

A screenshot of a computerDescription automatically generated

What happens if I report a simulated phishing email with the Report Phishing button?

If you report a simulated phish using the Report Phishing button in Outlook, you receive a congratulatory email (example below).



DFCI: DFCI runs a separate phishing training program. If you are affiliated with DFCI, you may receive simulated phishing messages from DFCI and their associated training. All escalations should be sent to "site security officers - dfci"


For questions on the MGB phishing training program visit KB0040966, contact your site’s Information Security Officer or

Go to KB0040756 in the IS Service Desk