• zalgotext@sh.itjust.works
    link
    fedilink
    arrow-up
    4
    arrow-down
    2
    ·
    1 year ago

    Wait. So your friend’s company has the ability to reliably detect phishing attacks, but instead of just blocking them outright, it replaces the malicious phishing links with their own phishing links, sends those on to employees, and prevents them from doing their jobs of they fall for it?

    Sounds like your friend’s company’s IT people are kind of dickheads

    • lazyshit@sh.itjust.works
      link
      fedilink
      arrow-up
      10
      ·
      1 year ago

      I work at a company that does something similar; it can be annoying to deal with these fake phishing emails from our own IT, but a 10-15 minute training session if you fail is a lot less disruptive than what can happen if you clicked the real link instead.

      I consider myself a bit more tech-savvy than average, but I’ve almost fallen for a couple of these fake phishing emails. It helps me to keep up with what the latest versions of these attacks look like (and keeps me on my toes too…)

    • rbits@lemm.ee
      link
      fedilink
      arrow-up
      2
      ·
      1 year ago

      Well the company probably can’t detect them reliably, so wih the ones it does detect it trains them to avoid the ones that they can’t detect.

    • cynar@lemmy.world
      link
      fedilink
      arrow-up
      2
      ·
      1 year ago

      It’s not every phishing email. I think it’s technically those that get through the initial filters, and get reported, but don’t quote me on that. Apparently it’s quite effective. They also don’t need to report every one. It’s only if they do something that could have compromised the company that causes a lock down. It’s designed to be disruptive and embarrassing, but only if they actively screw up.