Malmö's Phishing Test Halted as Over 1,000 Employees Clicked Fake Link

Malmö city sent out fake emails to 3,500 employees to simulate an IT attack. But the test had to be stopped prematurely – when a third of the recipients fell into the trap, reports Sydsvenskan.

» Published: April 06 2025

Malmö's Phishing Test Halted as Over 1,000 Employees Clicked Fake Link
Photo: Markus Dahlberg/TT

On November 22 last year, Malmö City sent out the fake email via an auditing firm. The test was designed as a so-called phishing attack, where the hackers' goal is to gain access to login information, and the employees were prompted to click on a link in the email.

The recipients usually have 72 hours to respond, but the simulated IT attack had to be stopped already after 27 hours. By then, a total of 32 percent of the employees – over 1,121 people – had clicked on the link in the email, according to figures obtained by Sydsvenskan.

This happened despite the city's IT support, which was not aware that it was a test, having issued a warning on the intranet.

The goal in similar tests is for fewer than five percent of the employees to fall into the trap, and the average for Swedish municipalities is around 15 percent, according to the newspaper.

It's remarkable. Even ten percent is remarkable. All organizations and companies should be below three percent, says Jan Olsson, criminal commissioner at the police's national IT crime center, to Sydsvenskan.

Loading related articles...

Tags

TTT
By TTTranslated and adapted by Sweden Herald
Loading related posts...