We’re supposed to forward the spear fishing emails to IT but I always just report as spam and go about my day. Was only nervous the first couple times I ignored an obvious internal phishing test but apparently they don’t care if we don’t fall for it.
Mine was like that too so I just deleted them and moved on. I sat right next to the security team and would thus know when they were going out, so they gave no shits as long as you didn’t fall for it.
It also helped that my team was the only in the company that didn’t really get email. Everyone else got hundreds a day (no joke, they used way too many mail lists) and we got maybe 5-10, all internal or auto-generated, so everything was super obvious, and IT was well aware of this.
Where I work, they haven’t taken it that far yet. But I would not be surprised if they go to that in the future. The email rules / filters can still help with it.
Yeah my company sets a goal of how many you need to report every year, if you don’t then you need to take mandatory training (same if you fail and click on a link)
except too many companies take that extra step of being annoying:
you also fail if you use the right form but don’t staple a cover sheet for the tps form followup.
We’re supposed to forward the spear fishing emails to IT but I always just report as spam and go about my day. Was only nervous the first couple times I ignored an obvious internal phishing test but apparently they don’t care if we don’t fall for it.
Mine was like that too so I just deleted them and moved on. I sat right next to the security team and would thus know when they were going out, so they gave no shits as long as you didn’t fall for it.
It also helped that my team was the only in the company that didn’t really get email. Everyone else got hundreds a day (no joke, they used way too many mail lists) and we got maybe 5-10, all internal or auto-generated, so everything was super obvious, and IT was well aware of this.
Where I work, they haven’t taken it that far yet. But I would not be surprised if they go to that in the future. The email rules / filters can still help with it.
Yeah my company sets a goal of how many you need to report every year, if you don’t then you need to take mandatory training (same if you fail and click on a link)