I suspect the phishing scammers will appreciate the help in identifying good phishing lures.
Snark aside, it continues to boggle my mind that the people who click on a lure get punished. A failed test indicates a need for system improvements to defeat the lure, not punitive action against the victim.
When someone like Troy Hunt can be successfully phished, expecting anyone to know enough to avoid phishing is insane.
JohnFen · 3h ago
The phishing training in my workplace is so odious, and the consequences for failing a test are high enough, that it's led to everyone just ignoring all unexpected communications. Better to ignore it all than to risk making a mistake. Even emails from known coworkers (the phish test often spoofs as your coworkers) tend to be ignored until the coworker confirms they sent it.
This is great for security (the most secure communication is communication that doesn't happen), but now the suits are wondering why it is that nobody is reading or responding to company emails anymore.
Snark aside, it continues to boggle my mind that the people who click on a lure get punished. A failed test indicates a need for system improvements to defeat the lure, not punitive action against the victim.
When someone like Troy Hunt can be successfully phished, expecting anyone to know enough to avoid phishing is insane.
This is great for security (the most secure communication is communication that doesn't happen), but now the suits are wondering why it is that nobody is reading or responding to company emails anymore.