• cerement@slrpnk.net
    link
    fedilink
    arrow-up
    11
    arrow-down
    1
    ·
    7 months ago

    except too many companies take that extra step of being annoying:

    • you get a write up if you fall for the phishing
    • you get a write up if you don’t fall for it but also fail to report it
    • you get a write up if you don’t fall for it and do report it but don’t use the correct report form
    • MotoAsh@lemmy.world
      link
      fedilink
      arrow-up
      9
      ·
      7 months ago

      We’re supposed to forward the spear fishing emails to IT but I always just report as spam and go about my day. Was only nervous the first couple times I ignored an obvious internal phishing test but apparently they don’t care if we don’t fall for it.

      • BubbleMonkey@slrpnk.net
        link
        fedilink
        arrow-up
        2
        ·
        7 months ago

        Mine was like that too so I just deleted them and moved on. I sat right next to the security team and would thus know when they were going out, so they gave no shits as long as you didn’t fall for it.

        It also helped that my team was the only in the company that didn’t really get email. Everyone else got hundreds a day (no joke, they used way too many mail lists) and we got maybe 5-10, all internal or auto-generated, so everything was super obvious, and IT was well aware of this.

    • HubertManne@kbin.social
      link
      fedilink
      arrow-up
      9
      arrow-down
      2
      ·
      7 months ago

      you also fail if you use the right form but don’t staple a cover sheet for the tps form followup.

    • Boozilla@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      ·
      7 months ago

      Where I work, they haven’t taken it that far yet. But I would not be surprised if they go to that in the future. The email rules / filters can still help with it.

    • criticon@lemmy.ca
      link
      fedilink
      arrow-up
      2
      ·
      7 months ago

      Yeah my company sets a goal of how many you need to report every year, if you don’t then you need to take mandatory training (same if you fail and click on a link)