I work somewhere where our IT department is constantly sending out fake phishing emails to try and catch us off guard and prepare us for real attempts.

It feels more like they are determined to just catch us for the inevitable punishment of more training.

So I created a Flag in Gmail that basically puts all external emails right into a folder called EXTERNAL. Once a week I go in and just report every email in it.

Comments

You must log in or register to comment.

InsideHorror9726 t1_iu6muf7 wrote on October 28, 2022 at 11:14 PM

If you're doing something which is potentially preventing you from falling for a phishing attempt, it looks like their training was effective.

Especially if you were able to somehow abstract phishing attempts enough to be able to rule them out via built-in rules in your mail server.

Props to your IT team, they're doing a good job.

keepthetips t1_iu4p6bi wrote on October 28, 2022 at 3:08 PM

Hello and welcome to r/LifeProTips!

Please help us decide if this post is a good fit for the subreddit by up or downvoting this comment.

If you think that this is great advice to improve your life, please upvote. If you think this doesn't help you in any way, please downvote. If you don't care, leave it for the others to decide.

spider-bro t1_iu4vx2u wrote on October 28, 2022 at 3:53 PM

How would a flag on external email catch phishing attempts from the IT department?

madpacifist t1_iu4wu0f wrote on October 28, 2022 at 3:59 PM

Presumably OP is not in a customer facing or B2B position. For many others, however, this blanket approach is going to have a lot of false positives and missed genuine communication.

westbee OP t1_iu5a76o wrote on October 28, 2022 at 5:28 PM

This is true. I used to work for a graphic design department where this would not work at all.

My current job though we don't deal with any external emails at all, so it works great.

westbee OP t1_iu592zw wrote on October 28, 2022 at 5:20 PM

IT department sends emails using external emails. Meaning emails from outside the company.

So I just flag all emails coming in from outside the company.

[deleted] t1_iu5756s wrote on October 28, 2022 at 5:08 PM

[deleted]

guitarstitch t1_iu503o9 wrote on October 28, 2022 at 4:21 PM

It's all fun and games until you get a ransomware attack.

Interesting that your IT department, good intentioned though they may be, wouldn't use something like KnowB4 instead of a homebrew solution.

DroolingSlothCarpet t1_iu53ybe wrote on October 28, 2022 at 4:47 PM

Your corporate email is through Gmail?

NaturalSelectorX t1_iu54yd0 wrote on October 28, 2022 at 4:53 PM

Google offers business email just like Microsoft.

DroolingSlothCarpet t1_iu552n0 wrote on October 28, 2022 at 4:54 PM

Yes but with domain names, not Gmail.com

NaturalSelectorX t1_iu56sfb wrote on October 28, 2022 at 5:05 PM

It's basically the same interface, so I imagine OP is calling Google's interface "Gmail".

westbee OP t1_iu58vhe wrote on October 28, 2022 at 5:19 PM

Not my current corporate email.

Although I have been with several companies that do in fact use business Gmail.

So the company name and url is still in the email such as, Dave@boxcompany.com, but we use gmail as the platform to send/retrieve those emails. Kind of like how most companies use Outlook, we just used Gmail in most of the places I have worked.