750 WUR employees received an email from Michael through Teams, asking to have a document cleared. He requested the recipients to reply to the message and click an included link. In reality, Michael was Holm Security, the agency conducting a phishing test.
“Michael’s” email was opened by 319 out of the 750 WUR recipients. A quarter of the recipients (189 persons) clicked the included link, and half of this group also entered their login name and password. These are precisely what a cybercriminal needs to gain access to WUR’s servers. The result of this test is concerning. ‘Employees must be alert when they should, or should not, enter their password’, Klein Tank states. This should only be done on pages whose URL ends in .wur.nl or .wurnet.nl. Only these pages are safe.
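The rule above applies to the host name in a link, not to the text of the URL as a whole. The following is an added example, not part of the original article or WUR's own tooling, of checking a link against the two domains; the function name, the HTTPS requirement and the sample links are assumptions made here.

```python
from urllib.parse import urlsplit

# The two domains come from the article; requiring HTTPS is an added assumption.
TRUSTED_DOMAINS = ("wur.nl", "wurnet.nl")

def is_trusted_login_url(url: str) -> bool:
    """True only if the URL's host is a trusted domain or a subdomain of one."""
    url = url.strip()
    # Reject characters that URL parsers disagree on (backslash, whitespace,
    # control characters) instead of guessing how a browser would read them.
    if any(c == "\\" or c.isspace() or ord(c) < 0x20 for c in url):
        return False
    try:
        parts = urlsplit(url)
        host = parts.hostname  # drops "user@" and ":port", lowercases
    except ValueError:
        return False
    if parts.scheme != "https" or not host:
        return False
    host = host.rstrip(".")  # "login.wur.nl." names the same host
    # Compare on a label boundary: "notwur.nl" must not match "wur.nl".
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)

# Constructed sample links (example.com is a reserved documentation domain).
SAMPLES = [
    "https://login.wur.nl/adfs",             # trusted: subdomain of wur.nl
    "https://intranet.wurnet.nl:443/x",      # trusted: port does not matter
    "https://login.wur.nl.example.com/",     # trusted name is only a prefix
    "https://notwur.nl/",                    # ends in "wur.nl" but no dot before it
    "https://login.wur.nl@example.com/",     # text before "@" is not the host
    "https://example.com/?next=.wur.nl",     # domain appears only in the query
    "http://login.wur.nl/",                  # right host, but not HTTPS
]

if __name__ == "__main__":
    for link in SAMPLES:
        verdict = "enter password" if is_trusted_login_url(link) else "DO NOT enter"
        print(f"{verdict:15} {link}")
```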
Cunning
The phishing mail was a crafty one, more so than the one sent out last year, when only 2 of the 750 recipients gave up their information. The layout and text in the message were strikingly similar to Teams messages and were hard to distinguish from the real thing. But the sender was suspect and the link did not lead to Teams. Moreover, you would normally only receive a Teams message if the same message appears in the Teams group or chat, which was not the case here. Klein Tank says it would be wise to practise recognising phishing messages. The intranet announcement provides a link to an exercise.
The WUR security team keeps many phishing and spam messages at bay: over one million messages per week. Nevertheless, occasionally, something slips through the filters.