Dr. Christopher KunzFeb 19

Is it a good idea to use "account warnings", "third-party OAuth connected to your account", password change warnings etc. for phishing exercises?

Or does this train users to actively ignore or junk these types of e-mails?

This behavior is harmful to overall security.
13.6%
This is what phishers do, so orgs should too.
36.4%
All phishing exercises considered harmful.
50%
Poll ended at .
Show threadMichael MatthaeiFeb 19
@christopherkunz
I vote for option 4:
All phishing exercises must be considered useless.
Show threadDr. Christopher KunzFeb 19
@michael_matthaei I'd argue that security exercise that consumes resources and gives no benefit is not only useless (i.e. net use = 0) but should be considered harmful (net use < 0). Therefore, you're invited to choose option 3. :-)
Show threadMichael Matthaei
😆 @christopherkunz
Thanks - made my day. ok here we go option 3
Feb 19 at 4:39pmWeb