Oh man. This is brilliant for phishing training. Get through some armor. Don’t let your biases get in the way. You can do a variation around this theme. One could be similar to above. Another is one that says you can opt-into this kind of thing by “Managing Preferences”. You’ll hit a large swath of people without them paying too much attention. I like this.
Reminds me of the COVID relief payment simulated phishing emails that made headlines. People complained that they had to take additional training after clicking some “Click here to retrieve your COVID relief funds” link during the early days of the pandemic that turned out to actually just be their corporate IT team sending a simulated phishing attack. They expected that this was the official government relief page that they had been waiting for, and were excited for the financial relief. Many people claimed that it was not okay to “prey” on people’s desperation at this point, but these simulated phishing emails were just getting people wary of the real thing. Actual scammers who were actually attempting to steal your money were absolutely sending these types of COVID relief phishing emails for real. So, these simulated emails were just preparing users in case one of the real spam emails happened to slip through the filters.
People get mad when they feel like they weren’t ready for training, but to your point, that’s why we train. To make you more aware when the real thing comes. Check all of your links. Verify it’s real before just clicking through.
The issue has come from some companies threatening jobs when people don’t perform properly. I would love it if people saw this as just training and not a personal attack. You fell for the trick; now how do you not get tricked next time? It might help if we did a quarterly report and put it on the intranet for people to see how many got clicked. Don’t make it a Wall-of-Shame, but a report to see how good things have been going. Put out sample emails that were the trickiest and what were the tells. Make Security a thing that is a growth aspect, not a shaming tactic.
People don’t think too good when they’re emotional, so this would be very effective.
Phishing attempts are already effective. It’s scary how often people fall for it.