Follow-up to the spring phishing campaign

The latest campaign was different in that an attachment posed the danger. Only when this was opened, and editing was enabled the user was considered compromised.

This time, the overall result is that 9.6% were compromised. Last autumn, the result was 4.8%. The setback may be due to the fact that the campaign was composed differently compared to previous campaigns.

Once again, we urge you to use the ‘Report Phishing’ button in Outlook. Fewer than 400 users reported the email as phishing, which also happened the last time around.

By using the button to report an email, it helps the underlying system to get better at filtering out the real phishing emails. More than 90% of traffic is already filtered out as unwanted, but some emails are still getting through, which we can reduce by getting better at reporting phishing emails.

As with previous phishing campaigns, anonymised statements collected at each cost centre have been sent out to local management. SDU Digital, Compliance recommends that the topic be brought up for discussion at department meetings or similar. It would be worthwhile to involve local GDPR and information security coordinators.

Read more on SDU Digital’s phishing webpage: https://sdunet.dk/en/servicesider/digital/databeskyttelse-og-informationssikkerhed/simuleret_phishing