We accompanied the “Don’t be a Phish” phishing test for several weeks. This is a program in which you could voluntarily have fraudulent emails sent to you.

The phishing simulation “Don’t be a Phish” was carried out by the Cologne cyber security company SoSafe in cooperation with the police authorities from Cologne and the Rhein-Erft district as well as the eCommerce provider Trusted Shops for European Cyber ​​Security Month 2019. Numerous supporters, such as the city of Cologne and Leverkusen, the eco-Association of the Internet Industry, Radio Erft, the Digitale Heinzelmännchen association, eyeo GmbH and the security portal Botfrei.de have taken part in the campaign as partners. The mayor of Cologne, Henriette Reker, was won over to sponsor the campaign.

During the course of the simulation, the participants received three supposed phishing emails spread over a period of one week. One of the emails contained a summons from the Cologne police in the name of Police Chief Uwe Jacob. The wording of this email was identical to a real phishing campaign from spring 2019 in southern Germany.

And apparently the simulated phishing email was so realistic that one participant even wanted to file a criminal complaint with the police! Apparently the participant had forgotten the previous registration after just a few days. The other two emails contained an alleged invoice from an online shop and a warning from a lawyer about a supposedly illegal download from the Internet.

Participants who clicked on the link were given a detailed explanation of how to recognize individual phishing emails using concrete examples www.phishtest.de This offer was also taken up by many participants.

Phishing test evaluation

“Don’t be a Phish” – Evaluation of the phishing simulation for citizens: 3,000 participants, 37% success rate and one criminal complaint! During European Cyber ​​Security Month, citizens were able to test their ability to recognize phishing attempts and fraudulent emails as part of the Don't Be a Phish initiative. On the website www.phish-test.de they could have realistic phishing emails sent to them and receive detailed information if they fell for it.

The evaluation of the campaign now shows some surprising figures: almost 23% of all emails were clicked on. Based on the participants who each received three phishing emails, it can be seen that more than one in three (37%) fell for at least one of the emails. A very high number considering that the participants had consciously registered just a few days before.

By October 30, 2019, almost 3,000 participants had registered for the free training - 81% of them men and 19% women.

Also surprising is the low “bounce rate” of just 6%, i.e. the proportion of emails that were rejected by the incoming server of the respective mail provider. A much higher rate was expected in advance. The same applies to the classification as spam; More than half of the phishing emails were actually opened by users.

Completion of the action

At the end of the anti-phishing campaign, all participants will receive their individual evaluation and confirmation in the next few days that their personal data has been deleted. The conclusion of the campaign, which was carried out in this form for the first time, was consistently positive from the organizers. “We were very happy about the great response.

“Obviously, internet fraud and IT security are topics that concern people,” says Peter Meyer from botfrei.de / eyeo. “We were particularly surprised by the relatively high click rate despite spam filters and general emails. The rates for our corporate customers are usually higher, but we also carry out targeted attacks here,” explains SoSafe Managing Director Dr. Niklas Hellemann.

But the test was also well received by the participants: more than one in ten participants gave feedback on the anti-phishing campaign: “Even though I actually have experience in the IT sector, you caught me. Good job!” reports one participant. “At first: shock of my life! When I received the email, I really thought it was real,” states another participant.

The simulation emails were also discussed in detail on numerous websites and media, including our website , the well-known YouTube channel for IT topics “SemperVideo” and in social networks.


If you enjoyed this post and value the importance of well-founded information, become part of the exclusive Mimikama Club! Support our work and help us promote awareness and combat misinformation. As a club member you receive:

📬 Special Weekly Newsletter: Get exclusive content straight to your inbox.
🎥 Exclusive video* “Fact Checker Basic Course”: Learn from Andre Wolf how to recognize and combat misinformation.
📅 Early access to in-depth articles and fact checks: always be one step ahead.
📄 Bonus articles, just for you: Discover content you won't find anywhere else.
📝 Participation in webinars and workshops : Join us live or watch the recordings.
✔️ Quality exchange: Discuss safely in our comment function without trolls and bots.

Join us and become part of a community that stands for truth and clarity. Together we can make the world a little better!

* In this special course, Andre Wolf will teach you how to recognize and effectively combat misinformation. After completing the video, you have the opportunity to join our research team and actively participate in the education - an opportunity that is exclusively reserved for our club members!


Notes:
1) This content reflects the current state of affairs at the time of publication. The reproduction of individual images, screenshots, embeds or video sequences serves to discuss the topic. 2) Individual contributions were created through the use of machine assistance and were carefully checked by the Mimikama editorial team before publication. ( Reason )