... You must be one of my co-workers. Except that we just delete ours rather than labeling them.

Here they started doing such phishing tests a while ago and our IT department had significantly worse stats than other departments, in terms of how often we would click on the link in the phishing mail.

And yeah, the conclusion was that we were just being asshats that decided to poke around in the obvious phishing mails for the fun of it. Rather than getting extra security training, management told us to just stop dicking around, so that our stats look better.

X-Phish

Where I work they use the microsoft phishing simulation, for which they publish a list of domains they send from.

I have the same thing. All the emails come from nova.phishme.com so I have outlook set to mark them as junk so I can "report" the phishing attempt.

Thanks for the tip!

For real! A course is work. If I'm working I get paid for my time. End of story.

Don't let them rob you! (any more than they already are)

"Blah blah blah... 'click sign in'... Okay, gotcha!"

I worked at a company where everyone would try and send an email to themselves from an unlocked PC. That mail contained a heads up that the victim willl bring cake into the office e.g. next tuesday. They then were typically forwarded to the whole team while thanking them for their generosity.

It really hammered that lesson home and the victims did honor the cake-mails. Only downside was, that this led to people to tryimg to bait each other into leaving their PCs unlocked and creative countermeasures, such as delaying mails containing the word 'cake'.

I created a little script that ran on startup that would wait a random amount of time between 5 and 15 mins and would just hit the left key once. I dropped it on a dev's computer when he left it unlocked and forgot about it. After weeks of torment, it activated while he had a YouTube video so he figured out it wasn't his fault. He was convinced it was the keyboard and started harassing IT so I had to come clean.

Jokes on me though, every time there was any quirk on his computer, server, or with his code he blamed me and didn't believe me.

Or have some fun with https://whitescreen.tv/fake-blue-screen/

It is a good practice to start what we call "Hasslehoffing"

It is where you change the background to a picture of David Hasslehoff every time someone leaves their PC unlocked for a long enough time to change the background. The more it happens, the sexier he gets.

I urge other colleagues to do the same. The only defense there is against that is to lock your PC every time you leave your desk. It really works.

Because fuck you.

• middle management.

Upper management - make sure everyone is in for 9 for training

middle management - fuck better make sure everyone is there, everyone in at 8 for training,

lowest manger - shit there is no way user will be in at 8, shit bag user be in at 7 for mandatory training!

Its some kind of American exceptionalism thing we're too normal to understand.

Training courses are during business hours or nobody would show up to them in Australia (and I'm guessing its the same in the UK from your username).

So shafted by their work culture they don't even question the meme..

Look out Toonces!!!

I wouldn't sign that. I work in government, and with new generative AI tools some of the emails are getting very good.

We had one sent to an applicant pretending to be me thay appeared to have scraped data from staff reports and minutes for public meetings for vatiances and SUPs. It was very detailed.

It had also scraped our fee schedule, so it had convincing fee amounts with links to the relevant codes and everything. It's just that the payment site was not actually us, but a site made to look just like us with a 1-letter change.