My company: click this link to take your cybersecurity training immediately or risk termination
Training: be wary of emails creating a sense of urgency and fear asking you to click a link
Was in DEI training the other week, and HR mentioned their low response rate to surveys. One of the participants pointed out that the survey emails check off basically every red flag for phishing. HR, despite also doing the phishing training, was surprised by this feedback.
A few weeks after mandatory security training, our HR dept sent a company-wide email that mainly consisted of "click this link to view a message from our CEO".
People in my Org, including the CyberSecurity Director, will send an email with a link and add "This link is safe to click".
OK then. Let's fucking party!
Be sure to ask for confirmation in writing that this definitely isn't a cyberattack first, and that your boss takes full responsibility for any consequences to your clicking on a link in a suspicious looking email before doing it.
Just in case.
The IT dept at a former employer used to send out emails with blind links that went back to them. If you clicked, you got scolded; if you emailed to report it as possibly fraudulent, you got an "atta-girl/boy".
We get those at my company - sadly, they’re WAY more obvious than the actual phishing emails so I don’t know that it’s really teaching people anything.
There's the problem that people will get used to the "training emails" being sent too, so that they take the phishing emails less seriously thinking they're just another training test.
So true. Although to her credit the woman who manages them for my office always precedes them w/ an email from her individual address saying "Our vendor is about to send the monthly training. Here's a screenshot of what it will look like. Yes, it's safe to click it. Please click it."
Our lot like to test you by sending irregular fake "phishing" emails; if you identify them as phishing you pass the test, if you click the link you fail. What they don't appear to realise is there are header elements which allow easy identification, so I've set up a rule to "file them away".
At my workplace, security has to keep sending out messages that the CEO will never send me a random email asking me to buy gift cards and send her the numbers from them. Who is falling for this nonsense?
Literally, I was not able to access our training through our Okta tiles and had to click an email link, and I told my manager that I thought that was hilarious.