I quit reporting any emails at my job. Reported one from an outside source once, but it wasn't technically a phish. So I received mandatory online safety courses for "wrongly reporting a phishing scam". Which was the same courses I was already forced to take a few months prior. I was pissed.
this post was submitted on 17 Jun 2023
32 points (100.0% liked)
Memes
45546 readers
1555 users here now
Rules:
- Be civil and nice.
- Try not to excessively repost, as a rule of thumb, wait at least 2 months to do it if you have to.
founded 5 years ago
MODERATORS
That's gotta be one lazy IT team or a terrible training firm, if they're expecting training to "solve" phishing, at the cost of causing security fatigue on users.
What a terrible policy.
In my firm, we never raise a fuss over someone suspicious of phishing, because it's our job, not theirs.
If anyone was actually reporting so much that it's impacting firm time, yah don't sign them up for training, we just talk to them.
Are you kidding me? I would kill for a user base that over reports.
Better that than the guy who downloads taxformpdf.exe
and runs it without a second thought.
Your security team sucks. Users should be encouraged to report anything sus, even if it occasionally results in a false positive.