Global Cybersecurity Awareness Month: Results of Phishing Awareness Simulation

 

Pie chart of phishing results

To conclude this year’s Global Cybersecurity Awareness Month, we are sharing the results of this October’s phishing awareness simulation, which was conducted by IT Services in partnership with Cyber Risk Aware.

The phishing awareness simulation included two phishes sent to Trinity staff, one phish with an email that appeared to come from Office 365 and another phish which included two separate emails, one appearing to come from JSTOR and the other from Start of Term Discounts.

All three phishing emails included hyperlinks to external websites. In total 476 link clicks were recorded, with 107 staff giving away their Trinity username and password after clicking on the link in the Office 365 email. In this instance, clicking on the links or providing your Trinity credentials was harmless, however, in real phishing incidents it can have severe consequences.

Compared to our earlier Office 365 simulation conducted in June this year, which saw a total of 532 link clicks, we are seeing some improvement overall with a reduction of 168 clicks and 285 less people giving away their Trinity credentials. However, our results show that 126 individuals engaged with both the June and October phishing campaigns.

As Trinity staff, we need to remain vigilant when it comes to protecting ourselves against phishing. We have been entrusted with access to a vast amount of Trinity data, regardless of where within the University we work. Should hackers get access to even one Trinity IT account, the impact could include:

  1. Reputational damage
  2. Intellectual Property loss
  3. Unauthorised access to important College data, such as financial and HR information, contract documents, and student information
  4. Illicit access to your email, your contacts, and shared inboxes
  5. & your stolen login details could be used to access Trinity’s electronic journals

 


 

Breakdown of October Phishing Results:

Office 365 Phish - A HIGH-severity alert has been triggered

  • Sent to 5,000 staff
  • 364 or 7.28% clicked the link
  • of those 107 or 29.3% went on to surrender their credentials

JSTOR / Start of Term Discounts Phishes

  • Sent to 4,905 staff
  • 112 or 2.28% clicked the link

Overall for October Phishes

  • 4.78% of staff fell victim to phishing
  • 476 clicks on the fraudulent links in the phishing emails
  • 107 gave away their Trinity credentials

Repeat Offenders

  • In the October campaign, 18 individuals clicked both email lures
  • 126 individuals clicked on both the June and October campaigns