Phishing
Did you fall into the phishing trap?
SDU IT and Digital are taking stock after the autumn 2024 phishing campaign in which an email in the SDU inbox tried to lure login information out of employees through a QR code for updating their employee card.
This time, 14.1% of the email recipients handed over their login details. This is a slight increase from the spring campaign, which shows the importance of continuing to focus on the threats that can occur in the inbox. There are still several areas in which more than one in four employees were compromised. The phishing campaign should not be seen as a test of the individual employee but as a means of raising awareness of fake emails with malicious intent.
SDU IT and Digital commend everyone who remembered to use the ‘Report Phishing’ button in Outlook. This time they received twice as many reports as in the last campaign.
More credible email
In the autumn phishing campaign, SDU IT and Digital once again tried something new in the form of a QR code embedded in the received email. They are constantly testing new things that are seen in real life to ensure that the organisation is prepared for the current threats.
The level of difficulty in recognising this autumn’s phishing emails has also been increased with a more linguistically correct text. In the past, awkward language was a good indicator of a phishing attempt, but this has changed rapidly with the rise of large language models and generative AI.
Given that the phishing email was harder to see through and that the number of reports doubled, this year's campaign is considered satisfactory.
Call for local discussions
As with previous phishing campaigns, anonymised statements collected at each cost centre have been sent out to local management. SDU Digital, Compliance recommends that the topic be brought up for discussion at department meetings or similar. It would be worthwhile to involve local GDPR and information security coordinators.
Read more about simulated phishing on SDUnet: https://sdunet.dk/en/servicesider/digital/databeskyttelse-og-informationssikkerhed/simuleret_phishing