Security

Report on the Olympic-themed phishing simulation test

On Monday July 15, the Information Systems Security (SSI) team carried out a phishing simulation test on all Institut Pasteur email addresses on the topic of the Olympics.

For this first phishing simulation campaign, all email addresses were targeted and the reactions were analyzed over 24 hours. The aims of the campaign were to:

•    Obtain general (anonymous) indicators for the Institut Pasteur as a whole;

•    Remind staff that this type of attack can occur and show what form it might take, especially in the context of the Olympic Games.
 
Results

Many of you reported the email and took the initiative to warn your colleagues – which was exactly the right thing to do!

The SSI team would like to thank you for your cooperation, especially those who took the time to fill in the questionnaire on how to improve awareness-raising measures after falling into the trap.
 
What now?
 
The aim of a simulation like this is:

•    For as few people as possible to click and enter their login and password;

•    For as many people as possible to report the phishing attempt: it is crucial for the SSI team that you get in touch and report any suspicious emails so that the Institut Pasteur can respond rapidly to any attacks.
 
For a first phishing simulation campaign, the numbers of clicks and people entering details were relatively low.* But they can be greatly improved by carrying out more frequent phishing simulation tests and more targeted awareness-raising measures. The SSI team will bear this in mind for future campaigns.
 
The results of the various campaigns will be available here on ePasteur.
 
In the meantime, useful resources can be found below, especially related to the 2024 Paris Olympics and Paralympics:
 
•    Our ePasteur pages for Spotting and reporting a malicious email and Finding out about cybersecurity awareness-raising measures at the Institut Pasteur;

•    Recommendations from cybermalveillance.gouv.fr (in French) during the 2024 Paris Olympics and Paralympics and a fun exercise to learn about good cybersecurity reflexes, available free of charge online from the company Kamaé.


*Comparison with the figures in the 2024 Phishing by Industry Benchmarking Report from KnowBe4

 
