#PhishingTraining #ReportPhishingEmails #EmailSecurity
Have you ever experienced being forced to take phishing training after reporting phishing emails at work? 📧🚫 It seems like a common scenario in many companies, including mine. 🏢
Here’s what happened to me:
– Started receiving tons of spam and phishing emails in a shared department email
– Reported an email 📩
– Got mandated to take a 15-minute phishing training the next day
– Reported another email and had to do the training AGAIN
It’s frustrating, right? It feels like a never-ending cycle! 🔄 I realized that the reason why we get bombarded with shady emails is that some people just don’t bother reporting them. 😩
But what could be a possible solution to this ongoing issue? Here’s an idea:
– Provide more thorough training initially to prevent repetitive sessions
– Encourage employees to report suspicious emails promptly
– Implement a system that verifies reported emails to avoid unnecessary training
Let’s work together to enhance email security and minimize the risk of falling victim to phishing attacks! 💪🔒 Any other suggestions to add? Share your thoughts below! 👇
Nah, you’re supposed to waste 3hrs reporting 100 emails, then tell the boss you’re booked up for the next 3 days doing training… Again and again. Finish the 15min for email #1, then another 15min for #2, rinse and repeat.
They can’t give you shit for doing required training, and you can do fuck all for 4 days every week. Guess you.need overtime to get the work done because the project is a month behind. Keep doing required training on company time, you’ve got another 3 days of training to.do for the emails you didn’t get to report on day 1 of training.
Congratulations you just got paid for a month of 15min required training for reporting phishing emails. Even if you can fast-track the training and it takes 5min instead of 15min, you can still report emails until 1st coffee break then kill 5hrs… And do it again tomorrow.
Maliciously comply until they’re forced to kill the training program.
Spam is different than phishing. We’re you flagging spam as phishing?
I would just keep reporting and doing the training. Better than working.
Do it! Do it!
Our company requires phishing training once a year and an extra training if one does NOT report the company created phishing email.
It is counter productive to punish folks for doing the right thing.
The IT team has to do work when you report the emails. They don’t want to do the work. So they punish anyone who makes a report.
You could pose the question to the head of IT. They might not be aware.
I like reporting corporate emails as phishing, especially if they’re the annoying kind.
It’s just one of those little bite backs that makes work life doable.
I’m guessing there’s someone on the shared email who’s falling for the fake email and somehow IT doesn’t know who’s clicking it so they’re making all of you take the training. Pile of BS, that’s for sure
I had a coworker who took those trainings seriously (for lulz, just to punish the company). Oh, it says please read the enclosed documents (300 pages in pdfs)? OK, he would do it on company time. So some stupid “business conduct” training would take him almost a week. He had fun.
Record your keystrokes for completing the training and use it as a macro to complete the training for your whole workday every day.
This seems like the best opportunity for malicious compliance
I had something similar at my last job. They sent a mass email asking to stop using chrome’s password manager and switch to a dedicated password manager app (a well-known one but of course the free option, which sucks). Since I work with lots of different accounts and environments, I had already been using a different password manager, which I pay for personal use so I asked if they could make an exception, since I have tons of passwords and some features that the free option of the one they want us using doesn’t have.
I was told I couldn’t unless my preferred password used a license associated with my work email (which would block access to my personal passwords in case my work email stopped working). I thanked them and started moving my work passwords over the next couple of days, but just to be sure I got hit with a cyber security audit that they announced as a new thing in the company. Starting that month. And selected a person at random to get it (me). And that never happened again after mine.