• Somewhiteguy@reddthat.com
    26
    ·
    2 days ago

    People get mad when they feel like they weren’t ready for training, but to your point, that’s why we train. To make you more aware when the real thing comes. Check all of your links. Verify it’s real before just clicking through.

    The issue has come from some companies threatening jobs when people don’t perform properly. I would love it if people saw this as just training and not a personal attack. You fell for the trick, now how do you not get tricked next time? It might help if we did a quarterly report and put it on the intranet for people to see how many got clicked. Don’t make it a Wall-of-Shame, but a report to see how good things have been going. Put out sample emails that were the trickiest and what were the tells. Make Security a thing that is a growth aspect, not a shaming tactic.

    • drcobaltjedi@programming.dev
      6
      ·
      2 days ago

      Yeah, at my last job we had fake phishing emails and if you clicked the link on them then the IT manager would see your name lit up on a dashboard. They were sent out randomly like a regular phishing email. The point is it’s a pop quiz.

    • ButteryMonkey@piefed.social
      3
      ·
      2 days ago

      My last job posted the failure rate for every single phishing simulation, and nobody ever felt called out as a result.

      We had between 1-10% fail any given test, but our CEO got phished successfully by an actual scam, and that had ripple effects because his account was compromised and sent out further phishing. So we all sort of knew that even those at the top fall for it, which made people who failed feel better.