by briandoesdev 1532 days ago
I ran internal phishing email exercises where I used to work. We never let users know when it was an exercise vs. a real-world event; they always got the same automated response that it was being looked into, and that was all. I guess luckily for our users, no one ever received any training or punishment for "falling" for our emails. We used to do it mainly for click rate tracking.
1 comments

My company does phishing email exercises, and they've added a "report phishing" button to Outlook you're supposed to hit, either for the fake messages or any real phish attempts you get, or worse, fall for.

The difficulty is that the company has outsourced many functions, meaning that there are external companies I often haven't heard of sending messages we have to interact with. Worse, one of those vendors has a very spammy-looking style and has even misspelled our company's name before in their mails.