Tek say resist
KnowBe4's phishing email tests are waaayyy to easy to trigger:
1. Get an obvious phishing email on your iPhone.
2. Press and hold the link to see what the domain is.
2a. Don't actually visit the page! Just look at the link.
3. Ta-da! You're enrolled in a remedial phishing course.
I’ve opened a bug report with them. Punishing users for following the instructions is counterproductive.
Tek say resist
@vees GAH! That's beyond frustrating.
I get dinged on our tests all the time. I see an email, recognize it as obvious phishing, then click through so I can see what trap my coworkers are receiving so I can assess and warn them about it. Then I get The Email: “you failed a test! Click here to complete your mandatory training!”
I am never going to not try to evaluate threats. Might as well sign me up for the weekly training course so I can put it on my schedule.
Rob Carlson
@tek I once got shunted to training for investigating one of the tracking URLs in the email headers with curl. Apparently it was unique to me.
GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.
All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.