We get those, but the sender email shows up as blahblah@employersname.kn0wbe4.compromisedblog.org or whatever. Literally the most obvious possible address. I’m always tempted to forward one to IT and ask if they’re serious with that shit.
Ours are the opposite: the sender’s email shows up as a normal name@company.com email. Gmail is supposed to warn when a return address is being spoofed like that, but I guess my company turned that warning off for these fake phishing emails. There’s still no SPF but I don’t check the SPF unless an email looks suspicious so I hope that that warning will work for real, sophisticated phishing.
We get those, but the sender email shows up as blahblah@employersname.kn0wbe4.compromisedblog.org or whatever. Literally the most obvious possible address. I’m always tempted to forward one to IT and ask if they’re serious with that shit.
Ours are the opposite: the sender’s email shows up as a normal name@company.com email. Gmail is supposed to warn when a return address is being spoofed like that, but I guess my company turned that warning off for these fake phishing emails. There’s still no SPF but I don’t check the SPF unless an email looks suspicious so I hope that that warning will work for real, sophisticated phishing.