How normal is this?

[user1492538376]

I work for a company which regularly sends fake spam emails internally to check who clicks on the links. They do this a lot and then those who click then have to meet with IT - presumably to be told not to do it again. There is a lot if cyber attacks now which I completely get. However I am sure most of the time people who click just don’t read emails properly and everyone makes mistakes. FWIW I never click on links now unless I am certain of the sender.

and the other element the kevin mitnick effect of social psychology, in companies

that too. but these days for most its Netflix etc

My company does this. Only problem is their real internal comms are so shockingly bad that I’ve reported genuine emails more than once.

We had the Paris Olympics one and my personal favourite, Ellie’s holiday pics with a “link” to drop box.

(May not have been Ellie but it was definitely a woman’s name)

There are 6 seasons! We are still on season 1. At least it is fun CPD.

Well this is what I thought. When I was serving we were being drilled to share links instead of sending attachments to cut down on server space for a start.

All the time. Some of them are very sneaky, switching the l in the company email address for an I so theres no discernible difference in the address. Its a bit annoying but admittedly its worked, I fell foul of it once and its made me hyper hyper vigilant (because I cba doing that cyber security training anymore than I have to 😅)

That happened where I work. HR had to send another email telling us it was a legitimate training company and we needed to book using the external link (sorry I did because they demanded my pronouns before we could sign up).

NHS. I've had one. I flagged it as spam and got a congratulations for spotting this email.
No idea what happens if you follow the link.

We have this occasionally as well. I think it's good.

One of my colleagues clicked on an attachment in a dodgy email last year and it caused chaos as all his contacts got infected as well. We couldn't use our laptops until they'd been wiped clean by IT which took two weeks. It was a nightmare.

We are encouraged to report any email we are suspicious about. I recently forwarded one to our IT dept as it looked odd, and had an email back saying it had been a test email and that I had passed as I reported it.

We have it all the time. It's "Immersive Phishing Awareness" I've learned so much from it.

Yes this is common although in my work you have to do additional training if you click. And the emails get sent to everyone including board members.

We have this quite regularly as my day job is in a sensitive regulated industry. For those who think it is just a faff, then think of Jaguar Land Rover, whose IT Help Desk was called by someone asking for a password reset when they were recently hacked… think about the supply chain that affected. Apparently they had been data scraping on line LinkedIn to be able to build up background when they called.

Opening attachments requires caution too, of course.

Completely normal to raise awareness of cyber-threats.

Once had a client who paid a whole quarter’s rent for their floors of a London office building (think £100k’s) to some scammers as a result of a spoofed email advising of changed bank account details for the landlord.

After the news of M&S, JLR etc. this year, I would think any large organisation would be unreasonable not to do this!

I’m now trapped in a cycle of negativity reporting all emails sent from IT dept as phishing ones - particularly when they are asking me to do an IT training course on phishing. We are on about our 12th send with me reporting it to them straight away as phishing…

Normal practice. The implications
of a real cyber attack are painful.

How does this work with office 365?

I get links I need to click on all the time - links to documents, to where I have been tagged, to comments, to people reacting to tags I've previously put in documents, to staff surveys.

I can see the need to be careful re phishing but this feels like a step too far.

it is normal where I work . A couple of times I reported genuine emails but better safe than sorry.

you might want to do an absolute cursory amount of "research" - Google is available, i recommend Duck Duck Go though - on how much companies lose via cyber attacks.

Then give your head a wobble.

You have seen all the messages and STILL don't get it. If i were your boss, i'd be worried and probably cut your internet access.

ETA: to those who know - is this part of ISO 27001 certification?

The IT team at my last job used to send phishing tests out all the time.

Most were from fake LinkedIn etc so easy to report as phishing as I had nothing connected to my work email anyway, however they made one look like it was from my boss, which was sneaky.

Sent my boss a quick teams message to check, found out from him that he hadn’t sent anything so sorry IT, yet AGAIN you failed to catch me out

I work for financial services and your post is showing exactly why the training and escalation to having to go the IT department is required.by clicking a link you could be the one that introduces a virus into your organisation. It is serious