
TotalEnergies Gas & Power


Phishing and cyber-attacks: protect yourself and the Company!

 

29-May-2024 11:32:29

As part of its Cybersecurity awareness program, the Company conducts a Phishing awareness campaign each semester to check employees’ awareness level and to train collaborators to detect cyber-attacks and report suspicious emails. Antony Green, IT Security Manager for TGPUK, tells us more.

Antony, what is “Phishing”?

Among the many threats we can face online, Phishing is one of the most dangerous and persuasive. Cybercriminals impersonate legitimate individuals or organisations to trick the target into revealing sensitive and confidential information (e.g. financial and bank details, usernames and passwords, etc.) which can then be used for malicious purposes such as fraudulent transactions. Phishing attacks often come in the form of emails or websites that are designed to steal your personal data. They exploit human psychology to manipulate recipients into clicking on malicious links or downloading harmful attachments.

In a word, cyber threats can lead to data and identity theft, reputation damage or financial losses. Within the framework of the Company, cyber-attacks can disrupt business operations and compromise our internal IT systems.

TotalEnergies has recently been the target of an attempted scam via WhatsApp using deepfake technology, which is one of the most recent and advanced cyber-threats, and a persuasive technique called “CEO fraud”. We observe that cyber threats and piracy techniques are constantly evolving and becoming more and more hazardous.

So, it’s fundamental to remain vigilant and informed regarding cybersecurity to know how you can identify the attacks and adopt security measures if needed.

Could you share the details of the most recent Phishing awareness campaign conducted companywide?

Last January, our Cyber HQ conducted a new phishing campaign, taking advantage of the increasing excitement surrounding the upcoming Olympic Games in Paris.

The campaign targeted all the Company’s branches, meaning 102 305 employees in 122 countries. The scenario chosen for this phishing campaign was an email including malicious links. All employees who scanned the email were redirected to the awareness-raising website.

At the end of the campaign, 23,5% of TotalEnergies employees clicked on the malicious hyperlink and 10,6% of them reported the email using the “Report suspicious email” button, located at the top right of your Outlook mailbox.

👉 If we now look more closely at the IP UK performance, the results are not as good as expected: out of 744 collaborators who received the Phishing email, 228 collaborators (30,65%) clicked on the malicious link, 67 (9.01%) reported the email without clicking on the link and 56 (7,53%) clicked the link and then reported the email.

Understanding phishing is essential to protect our organisation and prevent potentially serious damage. That’s why we must keep up our efforts and stay informed about cyber threats and cybersecurity in general.

How can we identify Phishing? What should we do if we suspect fraud?

First, “don’t act in haste”! If you suspect a Phishing attempt, be wary and remember the following tips to avoid falling into the trap:

[Image: Indicators of phishing]
 

Regularly educating yourself about the risks of cyber threats is essential. As part of the Cybersecurity awareness program, the Company simulates phishing exercises throughout the year, helping TotalEnergies employees to reinforce their understanding of cyberattacks. Some digital training courses are also available on LiZZY to maintain your level of knowledge regarding cybersecurity. The training catalogue is available here.

If you have any doubt, I encourage you to take precautions, raise your concerns with your manager and reach the Cybersecurity team as soon as you can.

A word to conclude?

Stay Vigilant! Cybersecurity is everyone’s duty.

 

 
