My company sent me a fishing test email from a “no-reply@companyname.com” email address. I sent it to our security department and asked if I would ever get legitimate emails from that address. They never responded except to say that I passed the phishing test, so I set up a filter to automatically forward emails from that to our security department with a message questioning its validity. Let’s security tell me if emails are legit or not.
My normal method is I will hit the phishing attempt icon that IT Security added to our Outlook on anything that I did not request or sign up for.
I’m sure the IT Security person who saw all the “free gift card” emails had a great Christmas if they claimed all the gift cards emails they deem legit.
I always right-clicked for the “more info” (or whatever it was) with any suspicious email. It would look like a bunch of html code that I didn’t really understand, but buried in there would be a company name that was usually obvious, like “phishtesting.com” or some bullshit.
I always had a 100% report rate, and always joked that I was waiting to get a prize for my accuracy. And obviously, also a joke to ever think I would get anything for it
I created an inbox rule for these. The 3rd party phishing shame-and-train company my employer uses always has a certain domain in the email header (even though they always change the ‘from’ address). Has worked perfectly for over 6 months. I’m generally not dumb enough to click on them anyway. But anyone can have a bad day and/or get into a rush and make a mistake. And my boss is a sadistic prick who delights in making workers feel dumb. Yet I’m 100% sure he exempts himself from the phishing shit tests.
The point isn’t to be so tricky to make it too hard for end users to catch it. It’s to train them to start looking at things such as senders domain and to report messages and avoid the link, etc.
Mine always have the ReplyTo field set to the email of the senior security analyst, so I always say hi and tell them that maybe the higher ups need some training on how to not send sketchy as fuck emails that train people to click on phishing links.
Maybe this package isn’t installed either, since I get some sort of error message: Usage: /usr/sbin/update-icon-caches directory [ … ] I tried assigning some directory to it like this: sudo update-icon-caches /usr/share/icons But this didn’t change anything either.
Damn, this reminds me of what happened to me. A girl I had the biggest crush on was lying in bed and saying take your shirt off and come over here. Back then I was super self-conscious about my body so I said: “Haha, why? No, I don’t want to”.
lemmy.blahaj.zone
Oldest