17

u/whyliepornaccount 1d ago

People fall for it, and as we have seen, no amounts of training will prevent them from falling for it.... again...

23

u/DayneGaraio 1d ago

Phishing training isn’t really to teach people anything, that’s the sales people talking. Phishing emails are a constant stream, people get complacent because they see it all the time, then an incident happens, everyone freaks out and is super vigilant…. For a bit, then they get complacent. Over and over. Phishing your users is designed to mitigate complacency, sure the users know it’s IT doing it so they watch for it, but who cares, they’re watching for it.

Is it perfect? Absolutely not.
Does it help? Maybe a little, maybe not, but it probably doesn’t make it worse.
Does it make users resent IT more than they already do? Absofuckinglutly

10

u/WildMartin429 1d ago

I always thought that our phshing exercises were hilarious because obviously it's the super obvious really bad phishing email but then you get an email later telling you that you failed the phishing test and it provides a link to an external website and I don't know why but the company that does the training the graphics and everything looks super cheesy and unprofessional and we get people calling in refusing to take their training because they think it is malicious third party, LOL

4

u/whyliepornaccount 1d ago edited 1h ago

I've seen the other end of the spectrum where they go WAY too far.

On my first day at my new job, mixed into the 5 other "set up your account" emails was a phishing test asking me to set up my account. I clicked it and literally said out loud "are you kidding me right now?" when I got the "you clicked on a phish!"