6
Why does nobody talk about phishing tests that backfire on your own team
Last Tuesday we had a phishing simulation at work and I almost called out the IT guy by name because the fake email was so obviously fake. It was one of those 'click here for your free pizza' emails and I sent a group reply saying 'nice try Jerry' before I realized it was the real test. Turns out my whole department did that and now HR is saying we failed the awareness check. But honestly the email was so silly that nobody took it seriously. Has anyone else seen a security drill turn into a joke instead of a learning moment?
3 comments
the_blair 2d ago
Maybe it's just me but aren't phishing tests supposed to be obvious so you learn?
5
andrew7782d ago
Is it possible the test is meant to train your gut reaction and not just your brain? The whole point is to make you pause on something that feels a little off, not just spot the obvious scam artist every time. If every phishing test was glaringly fake, you'd never learn to catch the subtle ones that actually hurt people.
2