this post was submitted on 16 Jun 2024
422 points (98.6% liked)

Cybersecurity - Memes

[–] [email protected] 107 points 5 months ago (14 children)

My company started with mandatory cybersecurity trainings for all employees. The training tool sends out automated emails to remind you when you have to do a new part of the training.

These emails, from a cybersecurity course, followed all the rules of being a phishing email:

  • Sent from a non-company server
  • Had a big red button to click here
  • Urged you to take action ("You have 5 days to complete your training")

IT decided to fix that, by adding a line to the emails that this email is really from our company. Like a phisher wouldn't think of saying "nah, trust me bro, I'm totally legit".

[–] Randomocity 5 points 5 months ago (2 children)

The correct solution to this is to have the training emails say to log in to take the training, no link in the email at all.

[–] [email protected] 10 points 5 months ago (1 children)

A better way would be to have the link be to the company's webserver which could then redirect to the external course.

I offered to set this up for my company (it's not that hard) but nah, they went with telling everyone to click on a link to an unfamiliar site to learn about why they shouldn't click on links to unfamiliar sites.

[–] Randomocity 3 points 5 months ago

Then you are still trusting people to hover the link before clicking which from what I've seen isn't the best. Though there is the added benefit of using this as additional training to hover...
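The redirect through the company's own webserver suggested above, sketched as an added example (not code from any commenter in this thread). The course slug, vendor hostname and port are assumed placeholders; the target comes only from a fixed server-side table, so the endpoint cannot be used as an open redirect.

```python
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlsplit

# Assumed placeholders: neither the slug nor the vendor URL comes from the thread.
COURSES = {
    "security-awareness": "https://training-vendor.example/course/security-awareness",
}
ALLOWED_HOSTS = {"training-vendor.example"}


def resolve(request_path):
    """Map /training/<slug> to a pre-registered vendor URL, or return None.

    The query string is ignored on purpose: nothing the caller sends can
    choose or alter the redirect target.
    """
    segments = urlsplit(request_path).path.strip("/").split("/")
    if len(segments) != 2 or segments[0] != "training":
        return None
    target = COURSES.get(segments[1])
    if target is None:
        return None
    # Re-check the table entry so a bad config edit fails closed.
    parsed = urlsplit(target)
    if parsed.scheme != "https" or parsed.hostname not in ALLOWED_HOSTS:
        return None
    return target


class Redirector(BaseHTTPRequestHandler):
    def do_GET(self):
        target = resolve(self.path)
        if target is None:
            self.send_error(404, "Unknown training link")
            return
        self.send_response(302)
        self.send_header("Location", target)
        self.send_header("Cache-Control", "no-store")
        self.end_headers()


if __name__ == "__main__":
    # Behind the company's normal TLS front end, the reminder email would
    # link to the company hostname followed by /training/security-awareness.
    HTTPServer(("127.0.0.1", 8080), Redirector).serve_forever()
```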
