My Employer Tricks Me With “Simulated Phishing”
Sometime last year, my employer decided to implement a “simulated phishing” campaign which involved sending out “fake” emails to all employees in order to try to trick them into clicking a malicious link, or opening a malicious attachment, or giving away their login credentials – all in the name of “educating” us. Instead of educating it me, it drove me into a state of paranoia and mistrust.
A couple of weeks later, I received my first email that was obviously a scam. “Dear university employees, It has come to my attention that u have not paid your employment fees. Please make payment immediately by click the following link. If u do not make payment today, your contract will be terminated. Yours Sincerely, Vice President University”. Okay, so that was obviously fake, but I reported the email anyway as we were trained to do, and the IT department congratulated me for spotting their first fake email. Success! At first, this all felt more like a bit of a game than anything else.
Another email came a few weeks later, this time, a bit more personalised. “Hi Stephen, I thought you might be interested in this link: ‘Three ways for university employees to get a BIG promotion’. It’s a really good read! Cheers, Peter”. So, hovering my mouse over the link as we were taught, it said something like, fake-link-do-not-click”. Again, I reported the email and yes, it was a simulated phishing attack.
But then, the IT team decided that they were being a bit too easy on us and stepped up their game convincing me to enter my login details. When I did, I was met with, “Haha, we tricked you! Fortunately, this was just a test as part of our simulated phishing awareness campaign”. At this point, I started getting a bit upset. I mean, they were sending out fairly realistic looking emails that could very much have been true, but then almost making us feel a bit foolish when we clicked on them.
Then a few more weeks later, I was sent another email that was obviously fake threatening to suspend my university account if I didn’t take action. Unfortunately for me, the “fake” email wasn’t actually fake and my university account was suspended.
I think that’s the inevitable consequence of these so-called “simulate phishing campaigns”. Exposing people to a barrage of fake phishing attacks clearly has unintended consequences. They make otherwise competent and dedicated employees feel embarrassed and perhaps even ostracised. They make us feel potentially paranoid, and suffer from ‘analysis paralysis’ where even when we receive a legitimate email, we don’t take action due to the fear that we might fall victim to another one of these fake phishing scams. All this campaign has done, I think, is have a negative effect on employee morale, and has created a culture of mistrust. Is that what the university wanted? Perhaps it was.
MUSIC
Melancholia by Godmode
#simulation #phishing #phishingattack
-
4:14
Daily Insight
11 months agoLabor’s Awful Misinfo Bill Rightfully Quashed
2143 -
LIVE
The Quartering
1 hour agoBen Shapiro Vs Tucker Carlson, Blackface Trick Works, Kash Patel Under Fire, Based Woman Vs Trans
5,545 watching -
1:24:44
DeVory Darkins
2 hours agoTrump dominates 60 minutes interview as Democrats surrender to Mamdani
83.9K27 -
LIVE
Dr Disrespect
4 hours ago🔴LIVE - DR DISRESPECT - ARC RAIDERS - FULL SEND INTO THE RED
1,633 watching -
1:50:43
Tucker Carlson
1 hour agoChris Williamson’s Advice to Men: How to Survive a World of OnlyFans and AI Girlfriends
32.3K34 -
19:57
Neil McCoy-Ward
7 hours agoThinking Of Relocating? (You'd Better Act FAST! 🚨)
6684 -
UPCOMING
Jeff Ahern
35 minutes agoMonday Madness with Jeff Ahern
-
1:07:25
Timcast
3 hours agoBomb DETONATED At Harvard, Attacks On Ice Agents SKYROCKET
149K120 -
1:55:31
Steven Crowder
5 hours agoTucker Carlson & MAGA: Everyone is Missing the Point
377K293 -
1:11:22
The Rubin Report
4 hours agoWatch Joe Rogan’s Face as Elon Musk Exposes How Dems Are Cheating in Plain Sight
62.1K80