Yearly Spoofing/Phishing Test Review

By admin, 5 March, 2023

As decreed in the IT Policy, the yearly Spoofing/Phishing test has been carried out.

With 71 failures recorded out of 405, the results are disappointing. Discounting the recorded failures by "lol" and "heyyyyy" (congrats to whoever figured out how to submit that :)) ) and myself, probably being unlikely to fall for a phishing test conducted by myself, we have 69/404 failures. That is a 17.0792...% failure rate. Given that only one hacked account is needed to compromise the security, we have that for every 100 phishing emails sent to the JCR, our safety will be compromised 6900 times.

Let us look a bit at the psychology behind why you may or may not have clicked the link.

Why you didn't click?

  • The sender name was unfamiliar.
  • The email arrived unannounced or the timing was unexpected.
  • The urgent nature of the content is typical of phishing emails.
  • As a whole, the email just felt slightly off.
  • You'd been alerted via a group chat - thank you, Charlotte!

No matter why, your instincts and intuition led you to the smart choice when dealing with phishing emails:

  • never engage
  • trust your instincts
  • err on the side of being cautious
  • remember that you're in control, and that it's okay to be skeptical

Why you clicked?

  • You're a complete buffoon.
  • You're Ed - sorry :)) (he did eventually realise it was a phishing email after asking me for help in changing his password because the link wasn't working :)) )
  • You use an awful email program that didn't flag it as spam straight away!
  • You weren't surprised that there was no GPG signature attached to the email.

No matter why, your instincts are flawed and you will need to attend a remedial IT Safety Session in the JCR at 5.30 pm this Wednesday! There will be free pizza! And anyone is welcome!

Extra people can sign up using this link - so I know numbers for pizza!