this post was submitted on 19 Aug 2024
192 points (99.5% liked)

Cybersecurity - Memes

1975 readers
1 users here now

Only the hottest memes in Cybersecurity

founded 1 year ago
MODERATORS
 

We found out that 10% of our users entered their password.

you are viewing a single comment's thread
view the rest of the comments
[โ€“] brianorca@lemmy.world 2 points 3 months ago* (last edited 3 months ago) (1 children)

No, this is about the fake phishing emails that are released inside the network to test user response. If clicked, they report to IT which users need more training.

[โ€“] faebudo@infosec.pub 2 points 3 months ago

Yes I know. We do simulations but we only measure who reports them and provide training how to report them (In the mail itself). No shaming for user who click them and no additional training on how to look at details.

It makes no sense training the user in looking at for example the links if all the big vendors use suspicious links anyway. For example the phishers use OneNote shares to phish, but those are hosted on Microsoft which by itself is legitimate. The only way a user really is able to recognize a phish is if it is unsolicited (report the mail as spam) or if it looks legit but asks for credentials (report it, we use SSO everywhere possible and you should never be asked for credentials for one of our platforms). We cannot do this for all vendors however and the users are encouraged and trained on using Passkeys or Autofill by the company provided password manager so that they get suspicious when no autofill is possible, then they can report the mail.

It's not always possible to recognize phishing from the get go and security is better suited to investigate than rando from the logistics department.