My Channel Was Deleted Last Night

Every year during audit time, the 3rd-party auditing company will send out phishing emails to all the employees with access to these systems and if anyone falls for it, it becomes part of the official audit report.

We had those external tests as well and I noticed it had two separate effects on me. The most obvious effect was teaching the specific warning signs for phishing e-mails, which usually seemed fairly conspicuous. The less obvious effect was that it made me more willing to report phishing attempts because I assumed that the phishing e-mails were just parts of the training.

Before the external audits, you'd forward the e-mail to the IT safety whatever, so I would spend time second guessing whether it was actually phishing or maybe it was just a weird new URL I wasn't familiar with. I wouldn't click on the link but I also didn't want to bother an IT person with something that might be nothing or that might make me look like an idiot.

After the audits started, I got used to seeing the emails with something off, hitting the "suspicious" button, clicking the "are you sure", and then getting the little "good job, we thought we could trick you" message pop up. It wasn't until I got a "we're forwarding this to the IT security team" message (and a follow up "thank you for reporting, you definitely didn't click on that link, right" e-mail about five minutes later) that I realized that the little tests had made reporting seem less of an active conscious decision requiring consideration and more of a routine behavior that was almost a reflex.

/r/videos Thread Parent Link -