Hacker News new | ask | show | jobs
by throwawaaarrgh 1146 days ago
> EV indicators would be really useful in a corporate setting to mitigate phishing attempts against employees.

Our company puts a big red banner on the top of all emails that come from an external source or don't have DMARC/SPF/DKIM/other security protections. Literally nobody ever checks the banner. It has no effect on phishing click rates. People do not read, or think. They just look for wherever it is expected for them to click something/fill something out, or just click random things to see what something might be.

The only thing that has marginally improved click rates is when we either gamify it, or put all external mails in an external mail folder marked NOT SAFE.
2 comments
pixl97 1146 days ago
If you had a tornado siren go off every 20 minutes every single day of the year, how long before you stopped ignoring the siren? How surprised would you be when a tornado hit 2 year later?

"This product causes cancer" is ineffective when the warning is plastered on everything. Same goes for warning in computer systems.

link
andirk 1146 days ago
San Francisco had a tsunami warning siren that was sound tested every Tuesday at 12pm for 30 seconds. It was fun!

It needed repairs so they dumped it. Few weeks later there was the 1st tsunami warning in ages but it went thru telephone since they dismantled their warning siren.

link
yamtaddle 1146 days ago
Every week? Damn, that's a lot. We do once a month for tornado siren tests, where I am. And not all year, but of course tsunamis aren't seasonal.
link
deathanatos 1146 days ago
Yeah, weekly. (Can confirm.)

I always felt like it sounded like it was saying "noooooooooooooooooooooooooooooon on a Tuesday" to me. Lunch time.

Also always felt like around noon on Tuesdays, we were completely vulnerable; if anything were to happen I would have heard the siren, and wandered outside looking for grub.

There is a subset of San Franciscans that do not hear the siren, too. On a pretty common basis we'd discover someone in the office who had "never heard the siren", somehow. I'm not exactly sure how. It's easily audible inside in the FiDi, and it was audible in the North Beach when I worked there.

link
andirk 1146 days ago
At my doorslam job, they hired a Director of Engineering Architecture or whatever title. He had a strong background in security, they said. Yeah well turns out his background was he led the offshore team that built an anti-virus company's .mobi website for 9 years. 1st hour of 1st day, he clicked the anti-phishing test "Click here to update your drivers" phishing email.
link