IT Department Tests Employees With Annoyingly Fake Phishing Emails, So When They Send Real Updates An Employee Flags Every Single One As Suspicious
Scammers are getting more and more believable with their attempts to separate you from your hard-earned money.
I’ve even heard about scammers using voice software to call your loved ones and ask for money with your voice!
But sometimes, its the classic scams that end up getting us… like the time-tested method of Phishing!
And especially if you work in technology, a bad link from a phishing email can end up doing some serious damage!
So when this user’s IT department started sending out emails that accidentally sounded like the phishing tests they perform, he reported every single one!
Check it out!
Go phish
I work in a medium size tech company.
IT securely periodically sends out fake phishing emails and if you click the links you get enrolled in phishing awareness courses.
All of this is quite sensible.
But OP said it was getting hard to tell the difference between IT’s real emails and their fake phishing emails!
However, IT also send round emails which are very phishy.
They’ll come from an odd sender, trying to instill a sense of urgency, often asking you to do some odd thing with your computer:
“Install this software and ignore the warning” or “Click on the link to this external site.”
So OP used his phishing training against the very people who made him complete it!
Here’s the malicious compliance.
I’m pretty sure when it is actually an IT email, but as it’s asking me to do things that are warned against in the phishing training, I’ll always report it as suspicions.
I have a feeling it’s not just me.
Now any time IT send such an email they prior warn us in slack, highlighting it’s a real email and asking us not to report.
What kind of sketchy IT department does OP have at his work? Telling them to ignore the warnings?
Reddit was totally on board for making IT regret their own required training, but this IT engineer actually said OP was helping them out a lot!
And another tech employee agreed, saying flags like OP used are what helps them get better.
And apparently even Fortune 500 companies are not safe from phishy emails!
And this user was reminded of a post about a man who was swindled into IT phishing training.
And finally, this user shared a pro-tip on how to send all the phishing test emails into one folder!
Sounds like IT needs to practice what they’re preaching!
