Cybersecurity can be….entertaining.
Case in point…
Ran a phishing campaign on the whole company.
Every single employee opened the email.
Only 3 clicked on the link within the email. Here’s where it gets entertaining…
First Link Clicker submitted a ticket (WooHooo!). The ticket states:
“I received an email from ‘Internal Person’ but the link is broke. It takes me to some Phishing site. Can you take a look so I can get to the right site?”
Problem with this is:
- She clicked on the link!
- She didn’t read the landing page – If she would have read the ‘broken link’ page she would have discovered it was a page all about how she’d been Phished by IT – how to spot Phishing emails, and what to do if you click on the link, or enter credentials.
She did show us, definitively, who our weakest link is – pun intended.
Second Link Clicker did not submit a ticket (Boo!) but, they did come back to the office to report:
- They received the email and thought it was suspicious.
- Left it overnight because they thought it was suspicious.
- Didn’t hear anything about the email being suspicious so…
- Clicked on the link in the email to see what it was about but…
- Wasn’t sure what to do since it didn’t take them to a log in page…
Oh, and did I mention this was all AFTER we (IT) had sent out an email about the ‘suspicious’ email. Telling everyone not to click on the link, and to delete it.
And there we have weak link number 2.
The third link clicker has not come forward. We will find them. We will catch them next time. We will smack their hands for clicking the link. For now though…the two above will go down in the hall of Infamous Clickers.
I can’t wait to send out the next campaign!