After much (automated) nagging, I finally did the mandated "security awareness training" at my university I.. have opinions. No, people can't learn to easily recognize phishing by examining the URL bar and yes, writing down your password is okay depending on the threat model.
-
-
You know how we prevent phishing? Security keys. Authentication apps. Not pages of instructions on how to examine the to: and from: fields and URL links and blah blah. As per my gravestone on everything: we know how to solve these problems, just need the infrastructure...
Show this threadThanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
The question is on the auto-nag do you have to report it and get frustrated that they ignore that they are training the users to be phished?
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
This happened to me once and we exchanged several emails with the person behind the scenes. I played the fool for a while and just got bored.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
My company actually has a "Report Phishing" button on our Microsoft Outlook. No need to call IT; just hit the report button. They'll also regularly test us with simulated phishing attempts. As a CSR, I've dismissed those with one click in the middle of a call without any fuss.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.