• @[email protected]
    link
    fedilink
    107 months ago

    except too many companies take that extra step of being annoying:

    • you get a write up if you fall for the phishing
    • you get a write up if you don’t fall for it but also fail to report it
    • you get a write up if you don’t fall for it and do report it but don’t use the correct report form
    • @MotoAsh
      link
      97 months ago

      We’re supposed to forward the spear fishing emails to IT but I always just report as spam and go about my day. Was only nervous the first couple times I ignored an obvious internal phishing test but apparently they don’t care if we don’t fall for it.

      • BubbleMonkey
        link
        fedilink
        27 months ago

        Mine was like that too so I just deleted them and moved on. I sat right next to the security team and would thus know when they were going out, so they gave no shits as long as you didn’t fall for it.

        It also helped that my team was the only in the company that didn’t really get email. Everyone else got hundreds a day (no joke, they used way too many mail lists) and we got maybe 5-10, all internal or auto-generated, so everything was super obvious, and IT was well aware of this.

    • HubertManne
      link
      fedilink
      77 months ago

      you also fail if you use the right form but don’t staple a cover sheet for the tps form followup.

    • @[email protected]
      link
      fedilink
      27 months ago

      Yeah my company sets a goal of how many you need to report every year, if you don’t then you need to take mandatory training (same if you fail and click on a link)

    • Boozilla
      link
      English
      27 months ago

      Where I work, they haven’t taken it that far yet. But I would not be surprised if they go to that in the future. The email rules / filters can still help with it.