apparently i passed a phishing awareness test last week by correctly ignoring a fake linkedin email
nobody tell my boss that i ignored it entirely on the assumption that it was a real linkedin email
@andrewt A company I worked for hired consultants to send us periodic phishing emails. The emails were sent from assorted domains that were all registered to the consulting company.
Back in the day, WHOIS data was public, so after the first email, I simply looked up all their domains and configured my mail client to flag any mail from those domains with a special label.
This was probably contrary to the spirit of the security awareness program, but I like to think it demonstrated initiative.
@angusm @andrewt @SuperMoosie lol they still do dumb stuff like that, our current pack of idiots include a X-header that mentions their company name phishing test, so I filter on that, unpack the mangled link courtesy of URLdefense, and “click” the link once per minute for a week straight