This is a good one. We get standard phishing tests which make no sense. It is usually a person I don’t know, from a company I haven’t heard of asking me to edit/review a file they share. People who design these tests should know that people do NOT jump into the opportunity of editing/reviewing files or receiving tasks. I imagine real phishing attacks must be smarter than this.
I work for a small-ish but fast-growing municipality, and we’re getting increasingly well-targeted actual attacks. Instead of posing as “The IT department” they’re posing as my boss or the City Manager by name.
This week they even started name-dropping the conference most of the directors were actually attending as an excuse why we wouldn’t be able to reach out and talk to them before the "request$ was due.
This is a good one. We get standard phishing tests which make no sense. It is usually a person I don’t know, from a company I haven’t heard of asking me to edit/review a file they share. People who design these tests should know that people do NOT jump into the opportunity of editing/reviewing files or receiving tasks. I imagine real phishing attacks must be smarter than this.
Not nessecarily. They only need one person to run the file
I work for a small-ish but fast-growing municipality, and we’re getting increasingly well-targeted actual attacks. Instead of posing as “The IT department” they’re posing as my boss or the City Manager by name.
This week they even started name-dropping the conference most of the directors were actually attending as an excuse why we wouldn’t be able to reach out and talk to them before the "request$ was due.