Conversation

Notices

1. Embed this notice
   Tek say resist (tek@freeradical.zone)'s status on Tuesday, 07-Jan-2025 02:00:35 JST Tek say resist

   KnowBe4's phishing email tests are waaayyy to easy to trigger:

   1. Get an obvious phishing email on your iPhone.
   2. Press and hold the link to see what the domain is.
   2a. Don't actually visit the page! Just look at the link.
   3. Ta-da! You're enrolled in a remedial phishing course.

   I’ve opened a bug report with them. Punishing users for following the instructions is counterproductive.

   • Embed this notice
     Tek say resist (tek@freeradical.zone)'s status on Tuesday, 07-Jan-2025 03:59:16 JST Tek say resist

     in reply to

     • Rob Carlson :ally: :BLM:

     @vees GAH! That's beyond frustrating.

     I get dinged on our tests all the time. I see an email, recognize it as obvious phishing, then click through so I can see what trap my coworkers are receiving so I can assess and warn them about it. Then I get The Email: “you failed a test! Click here to complete your mandatory training!”

     I am never going to not try to evaluate threats. Might as well sign me up for the weekly training course so I can put it on my schedule.

   • Embed this notice
     Rob Carlson :ally: :BLM: (vees@epistolary.org)'s status on Tuesday, 07-Jan-2025 03:59:21 JST Rob Carlson :ally: :BLM:

     in reply to

     @tek I once got shunted to training for investigating one of the tracking URLs in the email headers with curl. Apparently it was unique to me.