The devil did this. (i.postimg.cc)
submitted 4 months ago* (last edited 1 month ago) by Irelephant@lemm.ee to c/iiiiiiitttttttttttt@lemmy.world
[-] slazer2au@lemmy.world 63 points 4 months ago* (last edited 4 months ago)

Sounds about right.

Pro tip: set up a rule in your email client to send any email that contains either of the following phrases in the header, phishme.com or KnowBe4, to junk.

Note that I said header, not the From field.
It is so stupid that orgs spend thousands of dollars on these products and you can be seen as not being a phishing risk because of their shitty systems.

[-] Bytemeister@lemmy.world 6 points 4 months ago

Here's the thing...

If you are savvy enough to know how to (or look up how to) find the header of your phishing test email service, and then create a rule to filter on that, then you aren't the target for those emails anyway.

[-] slazer2au@lemmy.world 3 points 4 months ago

I would argue that logic gives you a false sense of security. All employees are targets no matter the pecking order.

That a product you are paying thousands of euros for, and that is required for business certifications like SOC2/ISO27001 or cyber insurance, can be so easily nullified is a joke.

[-] AFKBRBChocolate@lemmy.world 3 points 4 months ago

Where I worked it wasn't enough to ignore those emails; we were supposed to hit a button flagging them as a phishing attempt.

[-] slazer2au@lemmy.world 3 points 4 months ago

That is why it goes to junk and is not deleted: you can still see them and report them.

[-] SpaceNoodle@lemmy.world 2 points 4 months ago

So just have them tagged instead of junked and do the needful.

[-] AFKBRBChocolate@lemmy.world 2 points 4 months ago

Hmmm, I did a lot of Outlook rules, but I don't remember an ability to run a script when a rule was met. Maybe I just never needed it though.

[-] SpaceNoodle@lemmy.world 4 points 4 months ago

I mean just plonk them in a folder or tag them or whatever, and then you can manually perform the operation at your leisure.

[-] digdilem@lemmy.ml 3 points 4 months ago

This is not reliable.

Phish training companies are using a huge variety of domains, including look-alikes relevant to the test - including valid SPF/DKIM/DMARC configurations. Exactly as real phishers do - and there's no effective way to automate their filtering.

[-] slazer2au@lemmy.world 2 points 4 months ago

Are you sure? Have you ever looked at the header of an email from KnowBe4 or PhishMe? The emails come from their own mail servers.

[-] digdilem@lemmy.ml 4 points 4 months ago

Yes, absolutely. We used to use KnowBe4. I'm not saying they didn't do this in the past, but I know for certain they didn't when I checked.

There were obviously hints - the campaigns are designed to be detectable - but easy filtering was not one of them; that would be stupid.
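
The two positions in this thread (slazer2au's "look at the header, not the From field" and digdilem's "vendors use look-alike domains with valid SPF/DKIM/DMARC, so filtering is unreliable") can both be checked against raw messages. The script below is an added example written for this page; it is not code from any commenter or vendor. It parses a message with Python's standard `email` package and pulls sender-bearing domains out of From, Return-Path, Reply-To, the DKIM-Signature `d=` tag and the Received chain, then compares each against an indicator list. The two messages and the domain `simtest-vendor.example` are constructed placeholders, not real vendor infrastructure.

```python
"""Compare a From-field-only mail rule with a rule over all sender-bearing headers."""
import re
from email import policy
from email.parser import BytesParser

# Constructed indicator list; a real deployment would hold whatever
# infrastructure names the organisation has observed (hypothetical domain).
INDICATORS = {"simtest-vendor.example"}

# Constructed sample 1: the From field shows a helpdesk look-alike, but the
# sending infrastructure (Return-Path, Received, DKIM d=) belongs to the vendor.
MSG_VENDOR_INFRA = b"""Return-Path: <bounce-4711@mail.simtest-vendor.example>
Received: from mx1.simtest-vendor.example (mx1.simtest-vendor.example [203.0.113.5])
\tby mail.corp.example with ESMTP; Fri, 28 Mar 2025 09:12:01 +0000
DKIM-Signature: v=1; a=rsa-sha256; d=simtest-vendor.example; s=sel1;
\th=from:subject; bh=QUJD; b=WFla
From: IT Helpdesk <helpdesk@corp-it-support.example>
To: alice@corp.example
Subject: Password expires today

Click here to keep your account active.
"""

# Constructed sample 2: a look-alike domain with its own mail server and DKIM
# key, the case digdilem describes. Nothing in the headers names the vendor.
MSG_LOOKALIKE = b"""Return-Path: <security@corp-it-support.example>
Received: from mail.corp-it-support.example (mail.corp-it-support.example [198.51.100.7])
\tby mail.corp.example with ESMTP; Fri, 28 Mar 2025 09:15:44 +0000
DKIM-Signature: v=1; a=rsa-sha256; d=corp-it-support.example; s=sel1;
\th=from:subject; bh=QUJD; b=WFla
From: IT Security <security@corp-it-support.example>
To: alice@corp.example
Subject: Password expires today

Click here to keep your account active.
"""


def _matches(domain: str, indicators: set[str]) -> bool:
    """True if domain equals an indicator or is a subdomain of one."""
    domain = domain.lower().rstrip(".")
    return any(domain == ind or domain.endswith("." + ind) for ind in indicators)


def header_domains(raw: bytes) -> dict[str, set[str]]:
    """Collect the domains named by each sender-bearing header of a raw message."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    found: dict[str, set[str]] = {}
    # Address headers: take whatever follows '@'.
    for name in ("From", "Return-Path", "Reply-To"):
        found[name] = set()
        for val in msg.get_all(name, []):
            for dom in re.findall(r"@([A-Za-z0-9.-]+)", str(val)):
                found[name].add(dom.lower().rstrip("."))
    # DKIM-Signature: the d= tag names the domain whose key signed the message.
    found["DKIM-Signature"] = set()
    for val in msg.get_all("DKIM-Signature", []):
        m = re.search(r"(?:^|;)\s*d=([^;\s]+)", str(val))
        if m:
            found["DKIM-Signature"].add(m.group(1).lower())
    # Received: every relay names itself after 'from' or 'by'.
    found["Received"] = set()
    for val in msg.get_all("Received", []):
        for host in re.findall(
            r"\b(?:from|by)\s+([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)", str(val)
        ):
            found["Received"].add(host.lower())
    return found


def from_field_hits(raw: bytes, indicators: set[str]) -> set[str]:
    """What a rule on the From field alone would catch."""
    return {d for d in header_domains(raw)["From"] if _matches(d, indicators)}


def full_header_hits(raw: bytes, indicators: set[str]) -> dict[str, set[str]]:
    """What a rule over all sender-bearing headers catches, keyed by header name."""
    hits: dict[str, set[str]] = {}
    for name, doms in header_domains(raw).items():
        matched = {d for d in doms if _matches(d, indicators)}
        if matched:
            hits[name] = matched
    return hits


if __name__ == "__main__":
    for label, raw in (("vendor infra", MSG_VENDOR_INFRA), ("look-alike", MSG_LOOKALIKE)):
        print(label)
        print("  From-only rule  :", from_field_hits(raw, INDICATORS) or "no match")
        print("  full-header rule:", full_header_hits(raw, INDICATORS) or "no match")
```

On the first message the From-only rule finds nothing while the full-header rule matches on Return-Path, Received and the DKIM `d=` domain, which is the distinction slazer2au draws. On the second message neither rule matches: once the sending domain, its MX and its DKIM key are all look-alikes, a static indicator list has nothing to key on, which is digdilem's point. Reading the test from a defender's side, the same header walk is what a mail gateway or SOC analyst does to attribute a suspicious message to its real sending infrastructure rather than its display name.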

this post was submitted on 29 Mar 2025
970 points (100.0% liked)