The only way to win is to not play

Terminus@mander.xyz · 1 year ago

The only way to win is to not play

Square Singer@feddit.de · 1 year ago

Our phishing test emails have a special header so they are ignored by the spam filter.

I created an email filter that checks for this header and sends all emails with that header into the spam folder.

Surreal2625@lemmy.world · 1 year ago

When someone sends you an email, by default you just assume it’s fraud - Walter Wallis

Naja Kaouthia@lemmy.world · 1 year ago

This is an effective method that I myself use.

shikitohno@kbin.social · 1 year ago

Just automate it away. My job uses the phishing alarm button for reports, so I can’t totally automate the process, but I’ve set up a rule in Outlook to put all the phishing test emails in a separate folder based on the headers. I can just let them sit there if I want, or just hit the report button without thinking twice about it.

Autonomous@lemmy.world · 1 year ago

no they only award the people who send in the most phishing emails here. people who don’t open them at all are given no recognition whatsoever.

BuffLettuce@kbin.social · 1 year ago

As IT, I like when i get emails from Co-workers who forward me their spam emails that made it thrugh not just Microsofts detection, but Proofpoints as well and came out “Clean” but is obviously a phishing email. I wish some people would ignore their emails more often…

NegativeLookBehind@kbin.social · 1 year ago

You deserve a raise.

RetroRandy@kbin.social · 1 year ago

I quit reporting any emails at my job. Reported one from an outside source once, but it wasn’t technically a phish. So I received mandatory online safety courses for “wrongly reporting a phishing scam”. Which was the same courses I was already forced to take a few months prior. I was pissed.

namesare4squares@kbin.social · 1 year ago

Are you kidding me? I would kill for a user base that over reports.

Better that than the guy who downloads taxformpdf.exe and runs it without a second thought.

thirdtower@lemmy.world · 1 year ago

That’s gotta be one lazy IT team or a terrible training firm, if they’re expecting training to “solve” phishing, at the cost of causing security fatigue on users.

What a terrible policy.

In my firm, we never raise a fuss over someone suspicious of phishing, because it’s our job, not theirs.

If anyone was actually reporting so much that it’s impacting firm time, yah don’t sign them up for training, we just talk to them.

SpicyPeaSoup@kbin.social · 1 year ago

My workplace thanks us for reporting pretty much anything. What your place is doing is making people too scared to report. Smort.