We found out that 10% of our users entered their password.
password123
Oh wait, that wasn’t the question?
They haven’t fooled me yet. They’re actually fairly easy to spot.
The last round my company did was pretty damn good. The email itself was well done and professional looking. They even registered a domain that was one letter different than the company name for the source email domain and the phishing form.
It was still one of those things that makes you hesitate like “your password has expired, click here to reset it” and the email client blatantly flagged it as being from outside our true domain. The client warning was the easy thing to spot, the rest was really well done.
That’s the odd thing with where I work, until recently all the phishing simulations were from within the company domain and so lacked the [External…]
It’s not impossible for an already infiltrated network, but I still expect to see that it came from outside. Maybe that’s me, tho.
Wdits: spullings <- like those
I need that template :D
I got phished circa 2001. Got about three thousand drained from my bank account which I shockingly got back. (Though Elon’s PayPal threatened to sue me over it but never did when I told them to come and get me over the failure of their own security)
I’ve never responded to any email requesting login since no matter how legitimate it may be.
My company is the only one trying to phish me at work