An experiment conducted to find out how many would fall victim to a phishing scam netted nearly 1,000 out of 10,000 unsuspecting students at a university in the United Arab Emirates, according to The National.
The first part of the university-sanctioned experiment at the American University of Sharjah was conducted in April on 10,000 students, alumni, staff and faculty and tricked nearly 1,000 individuals into trying to change their university logins. More than 200 students fell for the second part, which involved their revealing which banks they used.
The first email was sent out April 10, urging recipients to change their passwords “immediately.” The link in the email redirected users to a domain name unrelated to the university. The second e-mail was sent 10 days later, requesting names, phone numbers, email addresses and asking which bank recipients used. It offered a computer flash drive as a prize for taking part in the survey.
While 220 students fell for it, the 350 staff and faculty members appeared to have learned their lesson.
“Staff and faculty did not bother at all, it was zero,“ said Dr. Fadi Aloul, an associate professor in computer engineering, who supervised the study.