abtinf 6 days ago

Or just report their mandatory compliance emails as phishing attempts.

I’ve worked for multiple large companies where the annual IT security signoffs look exactly like malicious emails: weird formatting; originates from weird external URL that includes suspicious words; urgent call to action; and threats of discipline for non-compliance.

All this money being spent on training, only to immediately lull users into accepting threats.

grimgrin 6 days ago | parent | next [-]

you may or may not add a condition for emails with X-PHISH in its headers

unlikelytomato 6 days ago | parent [-]

They block this and force it to show up in my inbox

pirates 6 days ago | parent [-]

At my company they force it to land in your inbox but if you manually run the rule afterward it catches them.

leptons 6 days ago | parent | prev | next [-]

The phishing-emails-as-a-test emails were so frequent that I started flagging all emails from our company that had a link in them as phishing emails and let the IT staff tell me which ones were real. They didn't enjoy that so they stopped sending the phishing emails as often. They still send them though, from time to time.

I ended up creating my own browser extension for Gmail that blocks clicking on any link unless the domain is whitelisted. Now if I click any link and it's not in the whitelist, it shows a popup that displays the domain name, and I can then choose to whitelist it and then it opens the link, or just keep blocking it. I haven't had to re-take any phishing compliance tests in a long time.
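
The whitelist gate described in the comment above, as an added sketch that is not the commenter's extension: function names, the sample domains and the prompt wording are assumptions. It decides on the host the browser would actually connect to, so a link whose text or `user@` prefix shows a trusted name still gets the prompt.

```javascript
// Added illustration (hypothetical names); sample domains are constructed.
const allowlist = new Set(["example.com"]);

// Host the browser would really connect to, or null if the link is unusable.
function targetHost(href) {
  let url;
  try { url = new URL(href); } catch { return null; }
  if (url.protocol !== "http:" && url.protocol !== "https:") return null;
  // URL.hostname is lowercased and excludes any "user@" prefix, so
  // "https://example.com@other.test/" resolves to "other.test".
  return url.hostname.replace(/\.$/, "");
}

// Allowed if the host equals an entry or is a subdomain of one. Matching on
// a "." boundary keeps "notexample.com" from matching "example.com".
function isAllowed(host, list = allowlist) {
  for (const entry of list) {
    if (host === entry || host.endsWith("." + entry)) return true;
  }
  return false;
}

// What a click handler should do: open, prompt (showing the host), or block.
function decide(href, list = allowlist) {
  const host = targetHost(href);
  if (host === null) return { action: "block", host: null };
  return { action: isAllowed(host, list) ? "open" : "prompt", host };
}

// Called when the user accepts the prompt for a host.
function approve(host, list = allowlist) { list.add(host); }

// Browser wiring: intercept clicks in the capture phase (skipped outside a page).
if (typeof document !== "undefined") {
  document.addEventListener("click", (e) => {
    const a = e.target.closest("a[href]");
    if (!a) return;
    const d = decide(a.href);
    if (d.action === "open") return;
    e.preventDefault();
    if (d.action === "prompt" && confirm(`Open link to ${d.host}?`)) {
      approve(d.host);
      window.open(a.href, "_blank", "noopener");
    }
  }, true);
}
```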

venusenvy47 5 days ago | parent [-]

Aside from the test emails, many emails from contractors that our corporate IT works with have the appearance of phishing. I'm not shy about reporting any of these. Most of the time they say "that's a real email". I like to educate them that their contractors are sending poorly-crafted emails to the whole company.

leptons 5 days ago | parent [-]

The last straw for me was when I received an email "from my boss" telling me of my holiday bonus with a link to click. Well I knew that was a phishing-test email right away because that cheap bastard has never given me a holiday bonus, not even once in the 10 years I've worked there. Some nerve sending out a phishing-test disguised as a bonus, fucking pour some salt into the wound why don't they.

0x3444ac53 6 days ago | parent | prev [-]

The company I work at hired a vendor for their call center software, and said vendor spammed out all kinds of emails to everyone in the org on a daily basis. It was annoying and entirely useless. I just kept reporting them as phishing attempts and encouraged my coworkers to do the same. It worked.