As part of the Human Firewall Strength Procedure, to help improve the online security and safety of KAUST personnel, the Information Security department conducts phishing campaigns on an ongoing basis to strengthen the KAUST Human Firewall.
Unlike Q1 of 2019, at the end of Q2 we have seen fewer people reporting during our routine phishing simulations.
Here’s the report:
In June, we carried out a data entry based ‘credential harvesting phishing campaign by sending an alluring email about the famous “Jeddah Festival”. The email was sent from a unfamiliar sender name and email address, KAUST Raffle 2019 <community.life@039304.com> which is not an actual KAUST-owned email / website.
Cyber attackers target people by using any information available online. They use publicly available information to craft phishing emails and can contact people by different means to catch their attention and trigger emotions to compel them to click and fall for the bait.
Always be sure to re-read emails that sound too good to be true.
Response Breakdown:
More people fell for the phish due to a shortage of tickets available for the festival.
In comparison to previous scenarios, we have noticed a 10% decline in the number of people reporting phishing emails.
- Almost 58% of users that clicked the link or gave away their password were logged on from mobile devices, the rest (42%) accessed the link from a computer.
Congratulations to our top reporters!
Winners, please reach out to us to collect your prizes!
Always remember! Reporting our phishing simulations and reporting actual phishing emails by using the PhishMe button or by forwarding emails to phishreporter@kaust.edu.sa will help keep KAUST safe from cyber criminals and decrease your human firewall risk score and wins you prizes.
Thank you for being a Human Firewall!
For any queries, feel free to reach out to us: askinfosec@kaust.edu.sa.
