All students and staff received an email on March 17 with the subject 'Account Details' to monitor unusual account activity. An unannounced phishing test. The 'wrong' link in the email led to a webpage of the VU Cyber Save Yourself campaign.
The VU passed this phishing test better than last year. The relative number of clicks on the phishing links decreased from 12% to 8% for employees and from 13% to 9% for students. In addition, according to the IT Service Desk, it was striking that more than five hundred users reported that they had received a phishing email this year.
How did our employees do?
Of the employees, 2,718 (34% of total) opened the phishing email. Of these, 662 (8% of total) employees clicked on the phishing link in the email and 2,056 employees did not click on the link after reading the email.
How did our students do?
11,343 students (24% of total) opened the phishing email. Of these, 4,288 (9% of total) students clicked on the phishing link in the email and 7,055 recipients did not click the link after reading the email.
What can I do?
Few people knew about the test to achieve the most realistic result possible. A similar test was performed last year as the baseline measurement. The VU can take targeted action based on the (anonymous) results of the test. And that is sorely needed to fend off real, harmful attacks. Because although the results are better than last year, there is still a lot to do to get information security in mind.
For more cyber security tips, go to the information security page and take the cyber security course for employees or students!