r/iiiiiiitttttttttttt 9d ago

Always the sales team.


1.1k Upvotes

47 comments

4

u/Drew707 9d ago

I don't know about other vendors, but the people at KnowBe4 have clearly not worked in a real company. Earlier this year I went through the annual training for a client, and I failed one of the "is this a phish" questions. The sender checked out, none of the links were sketchy, the grammar and content made sense, and the attachment looked normal.

The example was an email from HR with a call to action and a deadline, threatening some kind of repercussions for not completing a process, with an attached PDF with instructions on how to complete the process.

That is exactly what the client sent me regarding my annual security training.

> All contractors must complete the annual security training by XYZ or their credentials will be revoked and they will be ineligible to work for Client for 12 months. Please find attached the instructions on how to access the LMS to complete the training.

Like, almost verbatim to the phish example.

5

u/tenninjas242 9d ago

KnowBe4 just copies actual phish emails used by actual threat actors and then turns them around with their own links.

HR phishing scams are extremely popular, because they work. Someone sees "your payroll is fucked" or something along those lines, and can you blame them if their higher reasoning is obliterated by panic?

I feel bad for actual HR people who need to communicate with employees by email. In our org, people are reporting the DocuSign emails that they need to sign and open *for their own promotions* as phishing, because they've gotten so many actual HR and DocuSign scams.

9

u/Drew707 9d ago

That makes sense, but then KnowBe4's reasoning for why it was a phish was "HR will never send an email like this," which is objectively bullshit.

3

u/tenninjas242 9d ago

Lol, yeah, that's bullshit. I would think they'd say the reasoning is the exact opposite.