@cR0w the thing that pisses me off is that we do all this 'learn the three signs of phishing' crap (links, a grammatical error, from an external address), but then every quarter we are required, immediately, to open the employee satisfaction email, from an external sender, click the link, and enter our credentials.
Stop requiring us to 'get faux-phished' by management, but also not 'get test-phished' by security and also not 'get real phished' by phishers.
@cR0w for a while (I think it's passed) there was a craze (driven by evading legal discovery?) for all internal corporate communications to be in the form of:
An email having no content, with a link to the corporate intranet site, where you have to enter your credentials in order to find out whatever 'the big news' was
And we'd get a bunch of these every week. Along with the phishing test emails. And, presumably, the real phishing emails.
Now none of us read our emails at all, great success
Smart companies warn their employees to expect such emails and who they'll be from via an email from a company mailbox weeks ahead of time.
@sapphire seems like smart phishers would know to send employee satisfaction emails on roughly the same schedule (quarterly)! But they'd also know to copy edit...
My point is that companies simultaneously require that people click links from third parties, and that people not click, and adding more emails to your inbox telling people to click links in some other email doesn't make the problem less of a problem. Because keeping track of which emails to click isn't anybody else's highest priority.
@The_Turtle_Moves @cR0w @dalias We get Nanolearning links, which contain our mandatory security training.
I couldn’t help but roll my eyes when the topic was “don’t click links in emails”