It can be a challenge to train people who aren’t computer savvy about how to avoid being phished or hacked online.
At least one IT department discovered that it can be just as hard to get them to click on links that are safe, after you’ve trained them not to.
OP worked for a financial institution that often dealt with cyberattacks. Since they employed a lot of older people who weren’t up to speed on internet things, they trained them by sending fake phishing emails.
I work for some years in a big financial institution.
As you can guess, our servers are often under cyberattack. So the IT service regularly pushs security updates on our laptops and organizes sensibilization campaigns about data security.
One of their pet peeves is to send mass-mails inciting employees to click on a link.
Then they yelled at them if they clicked.
Then, they would mass mail that it was a trap to teach us about Phishing.
As our greatest experts have learned their job in the time of of paper and pencil, it is not an unsound strategy.
It worked…but now when IT sends an email they actually need people to click through…
But by now, there is probably nobody who would still get caught doing something stupid.
Yesterday, we received a message from Microsoft asking us to click on a link to access to the new teamwork platform of the institution.
Nobody heard about such platform, and we already have more than we need. So nobody clicked the link.
Today we received another Email from IT service stating that the Microsoft message was NOT phishing. It seems that their training is been so efficient that the institution as a whole refuse the security updates.
Personally, I am still not convinced it is not a double phishing. So I will wait some weeks to see how goes.
You never know!
I’m not sure if this is a win or a fail, to be honest.
They really want that to sink in.
They really did it to themselves.
Apparently this is a popular tactic.
Financial institutions do need to be really careful, though.
There could be a way to tell if you’re being tested, though…
I’m glad I don’t have to worry about things like this.
At least, not today.
Thought that was a crazy story? Check out what this employee did when their manager refused to pay for their time while they were travelling for business.