cR0w /
npub1z3s…p45m
2024-01-10 17:08:32
in reply to nevent1q…unte

To prove the point that users will continue to click links, regardless of how obvious it is that they shouldn't, I worked with the person in charge of the monthly phishing trainings at $dayjob last month. Historically, they have used the hated ruses like fake gift cards, and I wanted to try to get away from that, especially during the holidays. We ended up using something to the effect of the following:

---
Hello <first name>,

Happy Holidays. This is the monthly phishing test. Yes, really. It's not a trick. Use the <phishing reporting function> to report this as phishing. If you do not know how to use <phishing reporting function>, feel free to ask a colleague. If you still have questions, search for <phishing reporting function> on <internal docs site>.

Do not click the following link as it is there for metrics and will cause you to be assigned phishing awareness training: <phishing training 'malicious' link>

Sincerely,
IT Security Team
---

I don't know how well it was received by users, but I do know that we still had more clicks than two other months in 2023, despite being explicitly told not to click the link. Users will always click links with their link-clicking machines. Relying on their discretion is either ignorant or, I expect in some cases, malicious in that there will always be a scapegoat to blame for the inevitable breach.

#phishing #infosec
Author Public Key
npub1z3sfut2znnrtgl0qt4q6npq8zmjd9c97ck0gh0me44ua6lzaaajq6cp45m