• jake_jake_jake_@lemmy.world · 67 upvotes · 1 month ago

    we do monthly phishing tests and some of our people are so bad that we put in the test email “this is a phishing email, do not click sign in” above and below the sign in box and they still give creds

      • UnderpantsWeevil@lemmy.world · 1 upvote · 1 month ago

        Some hackers exploited two factor authentication recently by playing on this exact impulse.

        Sent a message that looked identical to the two-factor notice and got people to reflexively turn over their private keys.

    • GreenKnight23@lemmy.world · 11 upvotes · 1 month ago

      seccomp sent pre-notice emails out about the phishing tests that were coming.

      75% of the company reported the pre-notice email as phishing (even the CEO).

      we did it mostly because the seccomp team was a huge thorn and caused so many unnecessary delays due to them injecting themselves into every single process.

      the CSO quit soon after and some of their lackeys with them. we then hired a competent leader that worked with the org to meet compliance and regulatory requirements instead of being a blocker.

    • Electricd@lemmybefree.net · 2 upvotes · 1 month ago

      Sometimes just clicking is counted as a fail.

      I click on phishing links just to see how bad the websites are

      Yes yes I know about 0days but they’re rare