How normal is this?

[user1492538376]

I work for a company which regularly sends fake spam emails internally to check who clicks on the links. They do this a lot and then those who click then have to meet with IT - presumably to be told not to do it again. There is a lot if cyber attacks now which I completely get. However I am sure most of the time people who click just don’t read emails properly and everyone makes mistakes. FWIW I never click on links now unless I am certain of the sender.

How odd! I’ve never heard of this being done before.

We get those too, as do the clients I work for.
the best was when we all got sent a legitimate email
from an external company with a link to click and submit some details. But we didn’t get any notification of it internally in advance and it looked really dodgy so
no one clicked on it 😂

I recognise this. In Financial Services. Small reward for those who spot it (I think there was £1 to charity for each person who did the right thing and reported it as suspect).

That's normal where I work. Its to get people thinking about links and how to spot spam or hackers.

It can only take one person clicking on a link to give someone access.

My company does this all the time. The best one was all expenses paid for for the Paris Olympics. 😂

Quite. My employer do this and so does my husbands. If you fall for it then you need to go for cyber security training

My old employer did this - we worked in a data sensitive industry. I was the only employee who never failed the test :-)

Where I work does that too. It's exactly the people that don't read things properly and just click a link that need to be flagged up, better they do it to a test email that a real phishing scam!

Hmmm I get the risk factor. But I guess people make mistakes and ours seem quite OTT - like what are you going to tell IT in a meeting other than wont do it again and made a mistake?

My employer does this. Sometimes it's links that look to be from a close colleague about something you actually work on!

If some of the employees have repeatedly been told not to click on links yet they are still doing it, then they must be particularly dense. No wonder they need a whacking great reminder from the IT department every so often.

PICNIC

Very normal where I work - they regularly test us to make sure we don't open suspicious (or not so suspicious!) links.

We get these all of the time! 😂

One of the biggest threats to company IT security is through fishing - people think it’s through attacks on IT systems, but the way they get a way into the system is through fishing and employees giving information away by clicking links.

If someone is repeatedly failing fishing tests they need better IT education (it’s not hard guys!) and to be more careful with security.

My company does this too. You don't get called to IT if you do click on one, just an email telling you to be more careful in future

very normal. At my last place of employment the CEO caused great hilarity on an all staff call by reminding the entire organisation to reply to the spam email as it was about food choices for the upcoming all staff conference and he hadn’t clocked it was a fake phishing email 😁

The rule where we work is that you NEVER, EVER click on any link in the body of an email, no matter who it has come from.

@user1492538376 Perhaps your employer needs to upgrade their firewall.

This kind of testing is quite common. Usually if you get caught you'll be required to do extra training.

Lots of companies have lost huge amounts of money through cyber attacks and phishing emails are a common way for those attacks to gain the first foothold. More than one company has collapsed completely. This is a big problem.

IT for my old employer would do this often - was apparently the directors clicking the links most of the time

Happens at my work but I don't know what they say or do to anyone who clicks on a link

Are you thinking of the transport company that went bust? I've heard the owner be interviewed and he said he knows who clicked on the link but has never told anyone else to save that person knowing that they ruined so many lives

My employer does this all the time, as well as laying documents around to test who will report them and who will walk on by.
Its got to the point now where I don't even bother as I know its a set up.
I'm not the only one either.

I believe its called the Law of Unintended Consequences.

We get them regularly too, some are very convincing! We don't get sent to IT if we fail though, you just get a slightly snarky email about being more careful.

We also have regular cyber attack / phishing training.

We get them where I work minus the meeting with IT.

If you click on the link you just get a "Whoops it was a test this time!" message.

Yes, very normal.

Yeah we do it. And if you keep cIicking where you shouldn't you have to do mandatory training on phishing, cybercrime, etc. .

If you keep doing it after repeated training it's a fireable offence.