Deutsch Intern
  • 50-jähriges Jubiläum des Rechenzentrums
Information Technology Centre

SoSafe - Raising user awareness

An awareness campaign for our users from 2021 to 2024

The risk of attacks on our IT infrastructure has not only existed since the recent cyber attacks on countless companies and authorities worldwide. From summer 2021 to summer 2024, the Information Technology Centre therefore trained its users in a awareness campaign to minimise the likelihood of cyber attacks on JMU.

According to various studies, people are the number one attack vector when it comes to the security of IT systems in public authorities and companies. An impressive 92 per cent of all cyberattacks start with a phishing email and almost 75 per cent of all users click on at least one in three phishing emails.

These alarming figures, together with numerous incidents in German institutions in the recent past, led to the decision to conduct security training at the University of Würzburg coupled with the random distribution of fake phishing emails.

Erläuterungen zu einer Phishingmail (Abbildung: SoSafe GmbH)
Explanation of a phishing email (Illustration: SoSafe GmbH)

Over the three-year project period, prepared emails were sent to all employees at irregular intervals, in no particular order and without focusing on any specific areas. This campaign enabled us to achieve a significant improvement in click rates (decreasing) during the campaign.

The system in the background recognised when those fake phishing emails were opened and, most importantly, when embedded links were clicked. In this case, the affected user was offered well-designed learning modules and training videos, which they were encouraged to work through. Now that the campaign has ended, we recommend watching the videos from the Bavaria-wide portal "Baylern" for an overview of basic security measures that everyone can implement. However, you must register in advance by providing your personal data.

During the awareness campaign, the Information Technology Centre only received an overview of the total number of opens and clicks, enabling it to observe a gradual improvement in the awareness of all users. With the end of the campaign in July 2024, we are now suspending this measure until further notice, as the objectives have been achieved for the time being and a certain habituation effect had also set in.

A general note:

If you are unsure whether an email in your inbox is a phishing email, please forward us the spam/phishing email AS AN ATTACHMENT without changing the subject to phishing@uni-wuerzburg.de.

How to forward an email as an attachment is explained here:
https://www.rz.uni-wuerzburg.de/dienste/kommunikation/e-mail/phishing/

Apart from an automatic reply, you will not usually receive an individual response from us. The message will nevertheless be included in our anti-spam measures.