At a time when a large part of our social and administrative lives take place online, phishing represents a significant threat; sometimes, one ill-advised click is enough to plunge into a whirlwind of potentially catastrophic consequences. The National Education system has therefore decided to launch a large-scale awareness operation by setting a small trap for students.
According to FranceInfo, more than 2.5 million students received a fake phishing link on their ENT, the online platform that brings together different digital tools (schedules, monitoring of notes...). The message in question was particularly enticing, as it was perfectly calibrated to attract the attention of middle and high school students targeted by this operation called "Cactus". It promised free access to numerous pirated video games — a lure that many young people were unable to resist.
Unsurprisingly, no free game awaited them at the end of this link. Instead, they came across a short video which, according to the press release cited by FranceInfo, was "designed to inform them, empower them, and dissuade them from committing illegal actions on the Internet." A good lesson that, with a bit of luck, will prevent them from unwittingly disclosing sensitive information to malicious people in the future.
Young people, prime targets
This type of initiative is particularly important in this environment, because middle and high schools are "regularly targeted by malicious attacks" according to the Ministry of National Education. But the benefits extend well beyond the world of education.
These young people, by definition more gullible, are particularly vulnerable to these attacks, including outside of the school setting. However, if a child is fooled by this type of link, they can also get their parents into very serious trouble. The family computer is often full of sensitive documents and information (invoices, certificates, bank details, etc.) that can be misused by malicious actors. It is therefore crucial to raise children's awareness of these practices from a very young age.
Prevention works
The good news is that the proportion of students who have taken the bait is quite encouraging. In total, around 210,000 students clicked on this link, or just under 8.5% of the total. This is obviously too high... but not as much as one might expect from children who are often very young. Several surveys by firms and companies like KnownBe4 and Verizon estimate that in the workplace, 10 to 30% of adults tend to be fooled in the absence of prior awareness training. With a training campaign, this figure generally falls between 5 and 10%.
Knowing that most of these students have never been explicitly trained in combating phishing, 8.5% conversion is therefore a fairly decent score. This can be interpreted as a sign that the younger generation, who grew up in contact with these digital tools, is at least vaguely aware of good Internet security practices. The challenge now will be to continue these prevention efforts, and to do so earlier and earlier to better protect the digital citizens of tomorrow.
0 Comments