Due to the increasing number of cyber attacks, which also target universities and other institutions, RWTH Aachen University has been conducting an internal phishing simulation with the help of the security company SoSafe GmbH since December 06, 2021, in order to increase cyber security awareness.
Cyber attacks often cause great damage, not only to the individual user, but also to entire companies, universities and institutions.
Above all, caution is advised with unknown links and attachments in emails. These should only be opened if you are sure that you know the sender of the email. If you receive a suspicious email, forward it as an attachment to our IT support and to our spam filter at Ironport. In this way, you can make a big contribution to IT security and help improve our corresponding filters. Treat received emails with care. In particular, personal or business information should not be disclosed.
Phishing simulation at RWTH
As part of the phishing simulation, all RWTH employees and students receive emails spread over several months that are based on realistic phishing attacks on our university. The emails we sent out serve the purpose of training and creating awareness. They contain links that take you to interactive learning pages. At no time is there a security risk to your devices or data.
Those of you who clicked on the links in the emails have already learned how to recognize and deal with phishing emails through the detailed learning pages. For those who did not click on any of the links in the phishing emails, we have also listed the links to the corresponding learning pages below:
- "Booking of the study rooms"
- "Microsoft: Please authenticate your account"
- "Video: Is that you??"
- "Your contribution to the RWTH anniversary"
Neither RWTH as the client nor the external service provider can see how you personally click or behave at any time. RWTH only receives an anonymous, summary evaluation of the click rates.
The phishing simulation in figures (as of 28.12.2021)
By December 17, 2021, more than 160,000 simulated phishing emails had been sent to the nearly 60,000 students and employees of RWTH. In 20.8% of the cases, one of the phishing elements such as a link, image or attachment was clicked on.
It is noticeable that over 40% of the emails were opened on a mobile device (smartphone or tablet). On these devices in particular, the default settings of the email apps are often such that images are loaded automatically. This makes it more difficult to identify what kind of link is hidden behind an image and which page it opens.
Accompanying e-learning offer for RWTH employees
While the phishing simulation will continue to run at a reduced intensity in the coming months, we would like to take this opportunity to remind you that since October 25, 2021, eligible employees have been able to deepen their knowledge of cyber security and phishing.
This action and your support will lead to a reduction in the risk of cyber attacks. We are convinced that it will be more difficult for real attackers to plant malware or steal passwords at RWTH in the future.
Want to learn more about phishing? Then take a look around here on the blog.
Responsible for the content of this article are Anastasios Krikas and Nicole Kaminski.