In March 2025, the French Ministry of Education launched a massive educational cyber campaign called “Operation Cactus,” sending fake phishing emails to 2.5 million students. More than 210,000 teenagers clicked on the link, but instead of viruses, they saw an educational video about online risks and digital responsibility.
The campaign was intended to show students how easy it is to fall into the trap of criminals. The email looked like a classic phishing scam — it allegedly offered pirated games and cheats that could be downloaded via a link. As a result, more than 200,000 teenagers “clicked” — and ended up on an educational page with a video.
In addition to the phishing email, teachers were provided with a methodological cyber case — a set of materials for discussing the topic in the classroom: how hackers work, why you should be careful online, and how to behave in the event of an incident.
“Operation Cactus” is an example of innovative digital education, where instead of a boring lecture, there is an experience that leaves an emotional mark. This is not just a campaign, but a signal for other countries: vulnerability prevention should start not with the malware, but with consciousness.
