Mastodawn

Dec 21, 2024

Looks like this person got a visit from the ghost of cybersecurity "foreseeable consequences".

"I harassed my users into not opening any emails they aren't expecting, and now they won't open any emails they weren't expecting!"

#phishingtraining

postmodern Nov 19, 2024

Phishing Simulations considered ineffective. Implement 2FA, etc instead.
https://www.computer.org/csdl/proceedings-article/sp/2025/223600a076/21B7RjYyG9q

#phishing #PhishingAwareness #PhishingTraining

CSDL | IEEE Computer Society

Show thread

postmodern May 22, 2024

If you're still stuck doing pointless Phishing Trainings, there's one weird trick to never be bothered by them ever again. Email filter rules! Just add email filter rules to your email client of choice that checks for these email headers which indicate it's a phishing test and automatically move the email to Trash. Presto, no more phishing tests.
https://github.com/postmodern/phishing-training-sigs
#phishing #phishingtraining

GitHub - postmodern/phishing-training-sigs: A crowd sourced list of phishing training simulators and their signatures

A crowd sourced list of phishing training simulators and their signatures - postmodern/phishing-training-sigs

GitHub

postmodern May 22, 2024

Now that Google is finally phasing out Phishing Trainings in favor of Phishing Awareness, hopefully all of the startups that mimic whatever Google does will also follow suite and end this ridiculous security theater.

However, there's something even better than Phishing Awareness: setting up controls to make Phishing useless. Require 2FA on every account. Give your employees YubiKeys. Setup mail server filter rules to move any email not on your known-domains-we-do-business-with list to the user's junk/ folder.
https://security.googleblog.com/2024/05/on-fire-drills-and-phishing-tests.html
#phishing #phishingtraining

On Fire Drills and Phishing Tests

Matt Linton, Chaos Specialist In the late 19th and early 20th century, a series of catastrophic fires in short succession led an outraged pu...

Google Online Security Blog

InfosecDoge Dec 10, 2023

Hey #InfoSec community! I'm on the fence about phishing training – not a big fan due to the risk of breeding mistrust and complacency. But, I'm all ears for data-driven insights.

Got any studies or personal takes on simulated phishing campaigns? Would love to hear both sides to shape some strategies and docs.

Evidence-based studied would be a great help!

Thanks! 🛡️ #CyberSecurity #PhishingTraining

Eric Stein �Feb 26, 2023

Logged into my online banking and they immediately *emailed me* with a link to click to "see my security level" whatever the hell that is. My security level is "doesn't click links in emails that are allegedly from my bank", thank you very much. #PhishingTraining #BankOfAmerica #PleaseGetUsedToClickingEmailsAndProvidingYourBankingPasswordThatsSurelyFine