French authorities have launched a nationwide phishing awareness campaign, codenamed “Opération Cactus,” aimed at educating students on cyber risks and fostering responsible digital behavior among youth.
Over 2.5 million middle and high school students across 4,700 schools received deceptive messages through Espaces Numériques de Travail (ENT), the digital learning and communication platform used by students, teachers, and parents. These messages offered links to access cracked video games and cheat tools — a lure designed to replicate common bait used in real cyberattacks.
Out of the total student population targeted, 210,000 (around 1 in 12) clicked the phishing link. Instead of malicious content, they were redirected to a 75-second educational video produced by the campaign's partners. The video featured a French esports champion — also a gendarme — who emphasized fair play and cyber ethics, offering practical tips on secure online behavior. The segment concluded with a message from the deputy prosecutor of the J3 unit, warning of the legal consequences for individuals engaging in or facilitating cybercrime.
The operation was born out of growing concern over cyber threats aimed at educational institutions, particularly ENT platforms, which have become a focal point for malicious campaigns. These platforms are routinely accessed by millions of students, teachers, and parents for communication, assignments, and administrative updates. In 2024, a wave of credential thefts and message hijacking led to the temporary shutdown of ENT messaging services in several regions, underscoring their vulnerability.
Teenagers aged 11 to 18 — often overconfident in their digital habits and frequently under-supervised online — are particularly susceptible to phishing and other forms of cyber deception. The campaign aims not only to raise awareness among students but also to inform families, many of whom are ill-equipped to guide children in cyber hygiene.
Beyond the simulated phishing test, the campaign is set to continue with classroom-based educational sessions led by cybersecurity professionals, law enforcement officers, and educators. A comprehensive toolkit has been developed collaboratively by all participating agencies. This includes teaching aids and guidance for instructors to help reinforce cybersecurity messages and practices long after the campaign's conclusion.
Operation Cactus marks a rare example of large-scale, proactive cybersecurity education targeting the youth demographic, reflecting growing recognition of the urgent need to secure educational digital spaces in France and worldwide.
Leave a Reply