this post was submitted on 19 Aug 2024
193 points (99.5% liked)

Cybersecurity - Memes

1893 readers
2 users here now

Only the hottest memes in Cybersecurity

founded 1 year ago
MODERATORS
Sam1232188@lemmy.world
neurohost@lemmy.world
Alphadef@programming.dev
CannaVet@lemmy.world
193
Does your company do phishing simulations? (feddit.org)
submitted 1 month ago* (last edited 1 month ago) by cron@feddit.org to c/cybersecuritymemes@lemmy.world
36 comments fedilink hide all child comments
 

We found out that 10% of our users entered their password.

you are viewing a single comment's thread
view the rest of the comments
[–] cron@feddit.org 23 points 1 month ago (1 children)

The whole Microsoft 365 system seems to be quite vulnerable to phishing. Sometimes SSO works, sometimes you need a password, maybe 2FA, maybe not. Many microsoft notification emails come from external sources (with a big banner "this email comes from an external sender, be cautious").

This makes it hard for our brains to spot the small differences that make a phishing campaign successful.

[–] KevonLooney@lemm.ee 22 points 1 month ago (1 children)

The solution is to suspect every external message and send them all to the phishing mailbox. Tell your boss that you are following the phishing training that you did first.

They will have to get their shit together and send important messages from internal mail addresses. That's just laziness.

[–] BearOfaTime@lemm.ee 5 points 1 month ago

Haha, love it