My company started with mandatory cybersecurity trainings for all employees. The training tool sends out automated emails to remind you when you have to do a new part of the training.
These emails, from a cybersecurity course, followed all the rules of being a phishing email:
Sent from a non-company server
Had a big red button to click here
Urged you to take action (“You have 5 days to complete your training”)
IT decided to fix that by adding a line to the emails saying that this email is really from our company. Like a phisher wouldn’t think of saying “nah, trust me bro, I’m totally legit”.