The second annual phishing test is completed

05.07.2023
The second annual company-wide phishing test was distributed in June 2023. This time it was a fake email pretending to be sent by Odfjell Human Resources, asking you to review your contract and agreement. Read on for the results and tips on how you can avoid being the victim of a real cyber-attack.

The phishing email in this test had a link. If this email was a real phishing email, clicking on the malicious link could have severe consequences for yourself and for Odfjell, including financial loss, data theft, possible system downtime, etc.


Results overview

  • 937 emails delivered
  • 474 of these were reported by using the Phish Alert button (well done to all of you!)
  • 193 users clicked the link in the email


That means that 193 of our users – if this had been a real phishing email – took the first step towards what could lead to a cybersecurity breach. Clicking the link could be enough to infect their computer or phone.

A failure rate of 20.6% is well above our target of at most 5%.


General advice for handling suspicious emails

  • Do we expect this email?
  • Do we know the sender? If so, do we expect him/her to send this attachment or link?
  • Always hover over the link: does it look suspicious?
  • Use the Phish Alert button. You can still find the email later in your Deleted Items.
  • Don’t click the link or open the attachment on your mobile phone. Use your PC.
  • If you feel the email might be suspicious, speak to IT or a colleague before clicking on the link or attachment.
  • Contact IT and ask about the email.


STOP - LOOK - THINK!

The most successful phishing emails globally are the ones that impersonate brands like LinkedIn, Microsoft or Facebook as well as internal resources such as HR. Our phishing tests show that this is also the case within our organization:

  • Phishing test impersonating Microsoft: 8.6% clicked (December 2020)
  • Phishing test impersonating LinkedIn: 7.7% clicked (June 2020)
  • Phishing test impersonating Facebook: 6.6% clicked (September 2022)
  • Phishing test impersonating HR: 14.5% clicked (December 2022)
  • Phishing test impersonating HR: 20.6% clicked (June 2023)

IMPORTANT: If you get an email from one of those above, please be extra vigilant.


Results of the second 2023 company-wide phishing test

Corporate IT issued the second 2023 phishing test earlier this month, sending the same email to all employees and for the first time including officers on vessels. This was done to ensure that we could compare results across offices, vessels, and countries.

The email was classified as advanced, meaning hard to detect as a phishing email. It had three red flags which together are a strong indication that it is phishing.

Looking at the various offices, the test result is shown below. Kudos to our colleagues in Durban who for the second successive time managed to get zero clicks registered!

What happens next?

Our main objective is to ensure everyone is offered the assistance needed to learn from a failed test. Those of you who clicked, replied to, or entered data into the fake log-in page, will receive a message from the Cyber Security Team to ensure that you are aware of the failed test. Please feel free to respond to this email if you think the registration of a failed test is wrong.

Everyone who fails twice during a set period of time will be automatically enrolled in additional training. The same applies to those who fail three or four times. This is done to ensure that everyone receives the training needed to improve cybersecurity awareness.


How to spot the red flags

Phishing remains one of the biggest day-to-day cyber threats against Odfjell. From January through May, more than 150,000 phishing emails were blocked by our security systems, but many still got through our filters. These end up in our inboxes and pose a threat if recipients don’t recognise and report the attempted fraud. A successful phishing attack typically leads to credential theft, unauthorized access to sensitive systems, and breaches of sensitive data.

What this means is that we have to be diligent so we don’t fall victim to phishing scams. It is possible to spot phishing emails, but it requires that we always:

STOP - LOOK - THINK before we open an attachment or click on a link.

These are the red flags in the “Revision to your Employee Contract & Agreement” email:

This is the email you received:

Flag #1: The sender's email address pretended to be from HR at Odfjell, but it is spoofed. One way to check whether the sender's address is legit is to choose “Reply” on the email (but do not send it!) and look at what is shown in the To: field. If it is fake you will normally see a different address than you expect, or a message stating that this internal address doesn’t exist. On our phishing test email you will see this reply address: Human Resources <HR2y3jpdfj@odfjell.2fa.telefon-de.com>

Flag #2: Tells you to click a link or open an attachment.

Flag #3: Hovering the mouse over the Agreement.pdf link shows that it does not take you to the site the email content says it will.

If you ever wonder if the email is legit - ask a friend, use the Phish Alert button, or contact IT Support.
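Flag #1 and flag #3 can also be checked mechanically on a saved message. The script below is an added example, not part of this bulletin or of Odfjell's tooling: it parses a constructed sample email (the reply address is the one quoted above; the sender, subject, body and links are assumed) and reports a reply address outside odfjell.com and links whose visible text points to a host outside odfjell.com, which is what hovering would reveal.

```python
import email
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample modelled on the test email described above; the reply
# address is the one quoted in the bulletin, everything else is assumed.
SAMPLE_EML = """\
From: Human Resources <hr@odfjell.com>
Reply-To: Human Resources <HR2y3jpdfj@odfjell.2fa.telefon-de.com>
Subject: Revision to your Employee Contract & Agreement
Content-Type: text/html; charset=utf-8

<p>Please review the attached agreement.</p>
<a href="https://odfjell.2fa.telefon-de.com/login">Agreement.pdf</a>
<a href="https://odfjell.com/intranet">Intranet</a>
"""

def _in_org(host, org_domain):
    host = host.lower()
    return host == org_domain or host.endswith("." + org_domain)

def reply_domain_mismatch(raw, org_domain="odfjell.com"):
    """Flag #1: the address a reply would go to (Reply-To, else From) is
    outside the organisation's domain. Returns that address, or None."""
    msg = email.message_from_string(raw, policy=policy.default)
    addr = parseaddr(msg.get("Reply-To") or msg.get("From", ""))[1]
    return addr if not _in_org(addr.rsplit("@", 1)[-1], org_domain) else None

class _LinkCollector(HTMLParser):
    # Collects (visible text, href) pairs: what the reader sees vs the target.
    def __init__(self):
        super().__init__(); self.links = []; self._href = None
    def handle_starttag(self, tag, attrs):
        if tag == "a": self._href = dict(attrs).get("href")
    def handle_data(self, data):
        if self._href: self.links.append((data.strip(), self._href))
    def handle_endtag(self, tag):
        if tag == "a": self._href = None

def misleading_links(raw, org_domain="odfjell.com"):
    """Flag #3: links whose target host is outside the organisation,
    returned as (visible text, target host) so the two can be compared."""
    msg = email.message_from_string(raw, policy=policy.default)
    parser = _LinkCollector()
    parser.feed(msg.get_body(preferencelist=("html",)).get_content())
    return [(text, urlparse(href).hostname or "") for text, href in parser.links
            if not _in_org(urlparse(href).hostname or "", org_domain)]
```

Flag #2 (an instruction to click or open something) is a judgement about the wording and is left to the reader.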


How to report cybersecurity issues

Countless cybersecurity incidents can happen. Make sure to report them to IT. Please also report if you find something suspicious but are not sure if it is a cybersecurity incident. It is better to report one too many than one too few! Report to itsecurity@odfjell.com.

Also, remember to use the Phish Alert button. Using the Phish Alert button helps IT to identify ongoing attacks.

And finally, always remember when something strange happens or you get an unusual inquiry:

STOP - LOOK - THINK