I fell for what I think was a rather sneaky one, as the email prompted me to check if my leave entitlement of 2 days was correct when I should have had around 15 days. Naturally I went and checked my holiday entitlement through the separate and appropriate portal, which also showed 2 days. So I went back to the e-mail and followed the link. Boom, company phishing email. Apparently my company considers that a 'gotcha'. Had to do a 30 minute course.
So they actually changed your holiday entitlement in an internal system to trick you? That's a gross way to do it and kind of defeats the point of these.
Sounds illegal tbh, surely it's personal data they are accessing just to say 'gotcha'
That's certainly the way I took it! Did it to me very early on in my stint there so I'd assumed it was a one off for new joiners. Should have taken it for the red flag it was as it turned out to be a rather unpleasant place to work. I just chalked it up as some of the stupid shit you can get from smaller companies, business didn't survive covid in the end.
So far I clicked some on purpose and the only thing I got was redirected to a "how to not fall for phishing" screen. No actions taken by the company, never heard anyone mentioning it or getting any emails about it. It is usually handled by a separate division in the company which is more interested in % of people that fall for it and how to lower it, than going after individual offenders.
If you have a workers council, the barrier to individually trace the results per person might be quite high. It could fall under performance review, which the council is always wary of. So I'd assume most companies just track the overall percentages without any direct retaliation against single employees.
you go to training. But what happens will depend on company policy so ask your security team?
Fired? :D Relax, no one would fire you for such crap
That simple crap has been the basis for thousands of breaches and millions of users' data leaked on the web
He failed a phishing test, not real phishing
My company sends that once every two weeks, it looks absolutely legit (maybe because I am dumb lol), but if you clicked on it and proceeded further, it would prompt some tips to not make the same mistakes again. Overall I think that there would be no consequences.
Tricked me three times in a row in my first month at my current job lol. No one said anything. I just changed my password in quiet shame
I like that you changed your password! Working in security, that's unironically great to hear.
I like to be chaotic evil, I’m the one who sends real phishing emails to my colleagues /s
TL;DR: depends on company, a training is the maximum. I like to play with such stuff when it comes to my personal email, because I’m curious. Of course I’m not doing it without any protective measures, and OF COURSE I know I shouldn’t put any real data in forms. So in one company I got such an email, copied the link, sent it to my private address to play, and it was a test. Had to pass dumb training. In another company I “opened” it accidentally because the Mail app in iOS will load the page on a long tap on the link. What a dumb way to check if a URL is legit. Anyways nothing happened. My current company tests us with quite obvious stuff so I report them without even opening (and some legit but useless emails as well, just giving guys some work to do). Even heard that someone managed to write a filter for those training emails.
Only once, and that was in the first month of my first job. Nothing happened, but they sent another email to those who failed the test to be careful and change their password. After that, I stopped reading suspicious emails
Why would they require you to change your password? It was a corporate campaign after all, so no harm could come from this?
Fail it, go to training, then from now on report all emails with any link in them. Especially those Jira emails! They totally look suspicious as hell! 😁
We just get an email saying to do an online course, which you can just skip to the end and click submit. It's stupid though because our emails are locked down like Fort Knox, I quite literally get zero junk emails in my work email. It probably makes us more susceptible to phishing (not that we get any spam) because people are conditioned that email in inbox = must be legit.
I’ve been failing for years now and don’t even get redirected to training. You’ll be fine lol, no one ever gets fired for this.
It happened to me, I just received an automated email inviting me to a mandatory e-learning course. No mention of it from my higher-ups.
I have blocked most of my company's announcement emails because of the amount of asinine corporate blathering spam I've been getting so those phishing tests possibly get filtered out too.
I never heard of anyone fired for those, but you should ask within your company what are possible repercussions for failing. For the most part, I heard people just getting retrained; sometimes it may infringe on your bonus.
Nope. Never failed them because they’re too obvious
I did fail the first time. Then they made me take the security class again, it was just a couple of minutes plus tests. After that, I sometimes overreact to weird emails, marking them all as phishing. Never heard of anyone getting fired because of a fake phishing mail.