| ▲ | thaumasiotes 10 months ago |
| You email them. It's called phishing. |
|
| ▲ | throwaway314155 10 months ago | parent | next [-] |
| Right and now there's a new vector for an old concept. |
|
| ▲ | zwnow 10 months ago | parent | prev [-] |
| Employees usually know to not click on random shit they get sent. Most mails alrdy get filtered before they even reach the employee. Good luck actually achieving something with phishing mails. |
| |
| ▲ | thaumasiotes 10 months ago | parent [-] | | When I was at NCC Group, we had a policy about phishing in penetration tests. The policy was "we'll do it if the customer asks for it, but we don't recommend it, because the success rate is 100%". | | |
| ▲ | bluefirebrand 10 months ago | parent [-] | | How can you ever get that lower than 100% if you don't do the test to identify which employees need to be trained / monitored because they fall for phishing? |
|
|
