Campus administrators and faculty are not immune to the email plague of phishing. That became evident at the University of California at San Francisco School of Medicine (UCSF) this week when a physician was fooled into revealing a username and password to hackers. An official looking email made to look like it was sent by university computer security staff asked the doc to provide the information. It is unclear whether any sensitive information was accessed but the employee’s email account did include information about patients, including demographic and clinical data as well as Social Security numbers of four patients. Though commonly thought of in financial circles, it is clear that campus employees and faculty need to be educated about such threats and remain vigilant.