You must log in or register to comment.
- Does employee training
- Still immediately clicks phishing link…
I find that Cybersecurity training emails hit every red flag for a phishing email even if it’s legit:
- From an external organization without my company’s letterhead.
- Automated and I receive it at like 4am
- A message saying something to the effect of “IT has assigned important training for you”
- A link whose URL is a long string to an unidentifiable site
- Clicking the link immediately takes you to a login page to enter your company email.
If I wanted access to someone email and password maliciously, I’d totally make a cybersecurity training site like http://cybersecuritytraining.biz, tell people they are due for company cybersecurity training just like this and I bet I’d get a lot of accounts.
We recently got those training mails (legit ones just to make that clear) and the IT got so many tickets about it despite telling us that they were planned and showed an example of how they looked on teams, they had to make another post that essentially said „yes, this is legit, you can click the link.“
It amused me greatly.
It just means you all passed step one of phishing training. Ask someone else so the blame is on them when shit hits the fan.
Yes totally. But it was also funny how that is the thing everybody is drilled on to the degree of wanting to make super extra sure.
It’s about average. Some of the emails are very bad. Some of them are quite sophisticated.
Do education, send out a reasonable amount of testing, and if you can keep it below 15% you are in a pretty good spot.
Haha this is me I’m pretty trusting
Quad9 DNS
deleted by creator
