• RetroRandy@kbin.social
    link
    fedilink
    arrow-up
    2
    ·
    1 year ago

    I quit reporting any emails at my job. Reported one from an outside source once, but it wasn’t technically a phish. So I received mandatory online safety courses for “wrongly reporting a phishing scam”. Which was the same courses I was already forced to take a few months prior. I was pissed.

    • thirdtower@lemmy.world
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      That’s gotta be one lazy IT team or a terrible training firm, if they’re expecting training to “solve” phishing, at the cost of causing security fatigue on users.

      What a terrible policy.

      In my firm, we never raise a fuss over someone suspicious of phishing, because it’s our job, not theirs.

      If anyone was actually reporting so much that it’s impacting firm time, yah don’t sign them up for training, we just talk to them.

    • SpicyPeaSoup@kbin.social
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      My workplace thanks us for reporting pretty much anything. What your place is doing is making people too scared to report. Smort.

    • Tempiz@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      Your security team sucks. Users should be encouraged to report anything sus, even if it occasionally results in a false positive.

    • namesare4squares@kbin.social
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      Are you kidding me? I would kill for a user base that over reports.

      Better that than the guy who downloads taxformpdf.exe and runs it without a second thought.

  • Square Singer@feddit.de
    link
    fedilink
    arrow-up
    1
    ·
    1 year ago

    Our phishing test emails have a special header so they are ignored by the spam filter.

    I created an email filter that checks for this header and sends all emails with that header into the spam folder.