Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
cameron_b 6 days ago

Hey, simulating the hack is a lot better than using some canned tool with blatant knowbe4 urls.

Workaccount2 6 days ago | parent | next [-]

The problem is that if you click one of the links, you need to do (well sort of) the hour long phishing class and testing again. But of course, nowhere in the class do they say anything about not trusting e-mails from a known safe domain.

Whats funny though is that if you click the link in a phishing test, they will e-mail you to complete the training. But there is no enforcement (general management doesn't care), so you just get a daily e-mail telling you that you are overdue. It also however stops them from sending the fake phishing emails. So a bunch of us clicked the phishing link, marked the "do your training" e-mail as spam, and now never get bothered.

arcfour 5 days ago | parent [-]

Where I was, they tracked who didn't do it, and came down on them, then their manager, and then it became an HR issue. Only one or two people went down the HR path, and then they did the training pretty quickly. Of course it didn't start harsh, just "hey, a reminder, we are tracking this and you need to do it" but when you blatantly ignored it the response got more firm.

Also, the last one I took they talked about phishing using a malicious Google docs link IIRC.

Anecdotes don't mean you know everything about a system.

201984 6 days ago | parent | prev | next [-]

For anyone subjected to these, they usually contain the header X-PHISHTEST which you can create a filter for, and then either send them to trash or put them in a special folder so you can report them later.

bongodongobob 6 days ago | parent | prev [-]

You can use whatever urls you like.