SDU IT
Phishing campaign results May 2025
In May 2025, SDU IT ran a simulated phishing campaign in which SDU employees received a false warning that their Google account had been accessed from a new section/unit.
Purpose of the campaign
The purpose of the phishing campaign was to test whether employees at SDU could recognise a potential phishing attempt via email and how they handled the situation - including whether they clicked on the link and provided additional information and whether they reported the email as phishing.
The result
The result of the phishing campaign showed that 7.3% (equivalent to 846 users) clicked on the link in the email, but only 2.3% (equivalent to 264 users) provided additional information. Compared to last year's campaign, this is a significant drop, with last year's result being 14.1%. The significant drop is due not only to your attention, but also to the fact that you had to provide more information to be counted as compromised in this campaign.
Report Phishing
Unfortunately, fewer people used the 'report phishing' button in Outlook. Only 655 reported the email in this campaign. In the autumn campaign, the number was 767. When you report an email as phishing, you help keep SDU safe, as similar emails sent to others will automatically be removed if the email is found to be a phishing email.
How do I spot fake emails?
- Check the sender. Is it someone you know? Or is it someone from an organisation you know?
- Is it something you asked for? Does the message seem credible?
- If in doubt, ask a colleague if they received the same email or call the sender back. This is especially relevant if you suddenly receive an email from your boss about paying out large sums of money. This is also known as CEO fraud.
- If in doubt, contact the Service Desk at service.sdu.dk or call 65 50 29 90
- Never disclose your password to anyone
- Be sceptical about the email - phishing emails often try to create panic: Your account will be closed! You need to act now! Your account has been accessed from a new section/unit!
- Hover over links (without clicking) to see where they lead
- Use common sense and gut instinct. If it feels "off" - then maybe it is?
What should I do if I recognise an email as phishing?
- Inform your colleagues about it
- Report phishing - when you report an email as phishing, similar emails sent to others will automatically be removed if it is verified that the email is a phishing email.