My company started with mandatory cybersecurity trainings for all employees. The training tool sends out automated emails to remind you when you have to do a new part of the training.
These emails, from a cybersecurity course, followed all the rules of being a phishing email:
Sent from a non-company server
Had a big red button to click here
Urged you to take action (“You have 5 days to complete your training”)
IT decided to fix that by adding a line to the emails that this email is really from our company. Like a phisher wouldn’t think of saying “nah, trust me bro, I’m totally legit”.
My company sends out these kinds of phishing scam test emails too. They were actually pretty decently faked. But they use the same identifying string in the header of each and every one, so I made an Outlook rule to quarantine them in a particular folder so that I could correctly report all of them. Occasionally I report the weird legitimate email surveys we get from HR too and mass emails from IT with bad spelling, just so they don’t get suspicious of my perfect record.