Ethical Phishing Email Campaign 2024 | Hong Kong Internet Registration Corporation Limited
Ethical Phishing Email Campaign

Ethical Phishing Email Campaign 2024

2024-06-19
Event Name Ethical Phishing Email Campaign 2024
Date August – September 2024
Brief Description

The Cyber Security and Technology Crime Bureau of Hong Kong Police Force (CSTCB) and the Hong Kong Internet Registration Corporation Limited (HKIRC) would like to cordially invite your organisation to take part in “Ethical Phishing Email Campaign 2024” (the Campaign), to raise your staff awareness about suspicious emails and improving your organisation’s cyber security posture.

 

The Campaign will be conducted from August to September 2024, and participation will be free of charge. During the Campaign, your provided email addresses will receive several pseudo-phishing emails at irregular intervals to test your staff’s awareness.

 

Once the campaign concludes, each participating organisation will receive a comprehensive report on their employees’ performance in handling suspicious emails.

 

Interested organisations may register up to 150 members/email addresses via the link provided by 26 July 2024 (Friday). Places are limited and will be allocated on a first-come-first-served basis. To facilitate registration, please designate a contact person to follow up on the relevant registration process.

Registration link & QR code

https://forms.office.com/r/xMfeN0gnE8

qr code

If you have any questions, please do not hesitate to contact us via email cybersec@hkirc.hk . We hope to have your participation in the campaign.

Remarks:

(1) Only email addresses with a registered organisation domain are suitable for participating the Campaign. Web-based email domains (e.g. Gmail, Yahoo mail) are not suitable.
(2) Successful applicants for “Ethical Phishing Email Campaign 2024” will be eligible to meet one of the five evaluation criteria of the “Cyber Security Staff Awareness Recognition Scheme”. If you are interested in learning about and applying for the Scheme, please visit the Scheme official website (https://cyberhub.hk/en/recognition-scheme)

Phishing drill

 

Frequently Asked Questions

Question: Can our company nominate more than 150 member email addresses? 

Answer: Due to the large number of organisations interested in participating Ethical Phishing Email Campaign 2024, each organization will temporarily be allocated a maximum of 150 email addresses. However, your organization can list more than 150 email addresses on the Ethical Phishing Email Campaign 2024 Participant Information Form. If there are quota left, we will try to include as many participants as possible for the remaining employees on the list. Otherwise, we will register the first 150 participants listed on the form for this Campaign. 

 

Question: What can organisations gain from participating in this Phishing Email Campaign? 

Answer: We will provide an overall report on the performance of all participating organisations without disclosing individual organisation/employee details.
Additionally, we can supply you with a report on the performance of your organisation with summarised result, including metrics such as the number of employees who clicked open specific emails.  

 

Question: Can the date of the Email Phishing Campaign be changed? 

Answer: The Phishing Email Campaign is organized by the Hong Kong Internet Registration Corporation Limited (HKIRC) in collaboration with the Cyber Security and Technology Crime Bureau (CSTCB) of the Hong Kong Police Force. 

The target audience is organisations across Hong Kong. The scale is very large and requires time to prepare. The Campaign is scheduled for August to September 2024. 

 

Question: Before/After phishing drill, any training(s) will be provided? 
The Hong Kong Internet Registration Corporation Limited (HKIRC) provides a free self-learning platform for various companies in Hong Kong (Cybersec Training Hub ). Before/after the Phishing Email Campaign, your organization can arrange for employees to receive training(s) at this website (https://cyberhub.hk/). 

 

Question: What is the purpose of collecting employees’ grading for the Phishing Email Campaign? 

Answer: Depending on the employee’s grade, we would send phishing email with various difficulty. 

 

Question: Do you have the definition of the Executive, Management and Staff?  
Answer: You can define them based on your company’s organizational structure:
Executive: Having a leadership role, responsible for strategic decision-making and overall management of the company
Management: Middle management level, including department managers, supervisors etc. responsible for executing and overseeing department or business operations
Staff: General employees responsible for daily operations and executing specific tasks