alt Hacker NewsI worked for a short time for an American company. They had periodic phishing test from Mitnick. The links in those emails was not to be clicked as it would trigger a mandatory training. The emails also had a header saying they were a phishing test, so I deleted all those emails in a filter.
The company also ran a mail filter called Baracuda or something similar that followed links in emails to see if they were malicious.
I was quite annoyed when I was called to do the mandatory training as "I" had clicked a link (on an email I hadn't seen) and more so when told I had no other recourse than to sit through it.
I resigned shortly afterwards.
Replies
Those knowb4me or whatever supposed security lessons are terrible. In our case the emails included links to external domains (to knowb4) that you were actually required to click, as in really not as a test to see who did it. And you presume to teach me Fing security...
Did everyone get flagged then thanks to Barracuda? You’d think they’d realize there’s a problem if there’s a 100% fail rate.
Edit: also, to be fair, you basically told them you had opted out of the test, so it’s not completely ridiculous for them to ask you to do the training instead.