Alt text: Michael Scott Handshake meme. Managers text: “My company Congratulating me on avoiding a phishing test email”. Michael Scott text: “Me, terminally behind on answering email.”

  • @[email protected]English
    219 months ago

    I created an inbox rule for these. The 3rd party phishing shame-and-train company my employer uses always has a certain domain in the email header (even though they always change the ‘from’ address). Has worked perfectly for over 6 months. I’m generally not dumb enough to click on them anyway. But anyone can have a bad day and/or get into a rush and make a mistake. And my boss is a sadistic prick who delights in making workers feel dumb. Yet I’m 100% sure he exempts himself from the phishing shit tests.

      • @TORFdot0English
        39 months ago

        The point isn’t to be so tricky to make it too hard for end users to catch it. It’s to train them to start looking at things such as senders domain and to report messages and avoid the link, etc.

      • @fedev
        29 months ago

        Using this too. But you have to report them, can’t just filter and forget.