The emails were mass reported, up to the point there was an internal message sent around to stop reporting them because they are legitimate. Of course, no action was taken to make them look less suspicious.
If I’d ever want to phish someone at my company, I’d know exactly what to do. Make the email look exactly like the training ones.
Then both the csec course failed to educate the employees, because a responsible trained employee would report or ignore those mails lol
The emails were mass reported, up to the point there was an internal message sent around to stop reporting them because they are legitimate. Of course, no action was taken to make them look less suspicious.
If I’d ever want to phish someone at my company, I’d know exactly what to do. Make the email look exactly like the training ones.