Sounds about right.
Pro tip, set up a rule in your email client to send any email that contains the following phrases, phishme.com or knowb4, in the header to junk.
Note that I said header, not From field.
It is so stupid that orgs spend thousands of dollars on these products and you can be seen as not being a phishing risk because of their shitty systems.
Here's the thing...
If you are savvy enough to know how to (or look up how to) find the header of your phishing test email service, and then create a rule to filter on that, then you aren't the target for those emails anyway.
I would argue that logic gives you a false sense of security. All employees are targets no matter the pecking order.
That a product you are paying thousands of euros for, and which is required for business certifications like SOC2/ISO27001 or cyber insurance, can be so easily nullified is a joke.
This is not reliable.
Phish training companies are using a huge variety of domains, including look-alikes relevant to the test - including valid spf/dkim/dmarc configurations. Exactly as real phishers do - and there's no effective way to automate their filtering.
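The two positions above (the "filter on the full header, not the From field" tip, and the reply that look-alike domains with valid SPF/DKIM/DMARC defeat such a rule) can be checked against concrete messages. The following is an added example, not code from any poster in this thread: it scans every header of a raw message for the marker strings from the tip, compares that with what a From-only rule would see, and runs both over two constructed messages. The hostnames, IPs (from the 192.0.2.0/24 documentation range), addresses and header values in the samples are made up for the demonstration and are not real vendor infrastructure.

```python
import email

# Marker strings from the thread's tip, matched case-insensitively.
# Assumption: the poster meant plain substring matches on these.
SIMULATOR_MARKERS = ("phishme.com", "knowbe4")


def header_hits(raw, markers=SIMULATOR_MARKERS, only=None):
    """Return (header_name, marker) pairs for every header whose value contains
    a marker. All headers are scanned (Return-Path, Received, X-*, ...), not just
    From: the sender controls the From field, but the relaying MTA stamps the
    Received line. `only` restricts the scan to a set of lower-case header names."""
    msg = email.message_from_bytes(raw)
    hits = []
    for name, value in msg.items():
        if only is not None and name.lower() not in only:
            continue
        lowered = str(value).lower()  # folded continuation lines are included
        hits.extend((name, m) for m in markers if m.lower() in lowered)
    return hits


def from_field_hits(raw, markers=SIMULATOR_MARKERS):
    """What a rule keyed on the From field alone would see."""
    return header_hits(raw, markers, only={"from"})


def classify(raw, markers=SIMULATOR_MARKERS):
    """The mail-client rule from the tip: any header hit sends the mail to junk,
    where it stays visible so it can still be reported (see the thread)."""
    return "junk" if header_hits(raw, markers) else "inbox"


# Constructed sample 1: a simulated phish that is relayed through the test
# vendor's own mail server. The From field is a look-alike of the victim org,
# so a From-only rule sees nothing, but Return-Path and Received give it away.
SIMULATED_VIA_VENDOR = b"\r\n".join([
    b"Return-Path: <bounce-42@mail.phishme.com>",
    b"Received: from mail.phishme.com (mail.phishme.com [192.0.2.10])",
    b"\tby mx.example.org with ESMTPS id abc123",
    b"\tfor <alice@example.org>; Mon, 01 Jan 2024 09:00:00 +0000",
    b"From: IT Helpdesk <helpdesk@examp1e.org>",
    b"To: alice@example.org",
    b"Subject: Your password expires today",
    b"",
    b"Click here to keep your account active.",
])

# Constructed sample 2: the case the reply describes. The campaign uses its own
# look-alike domain end to end with a valid SPF result, and no vendor string
# appears in any header, so the header rule has nothing to match.
SIMULATED_LOOKALIKE = b"\r\n".join([
    b"Return-Path: <helpdesk@examp1e.org>",
    b"Received: from mail.examp1e.org (mail.examp1e.org [192.0.2.20])",
    b"\tby mx.example.org with ESMTPS id def456",
    b"\tfor <alice@example.org>; Mon, 01 Jan 2024 09:05:00 +0000",
    b"Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=examp1e.org",
    b"From: IT Helpdesk <helpdesk@examp1e.org>",
    b"To: alice@example.org",
    b"Subject: Your password expires today",
    b"",
    b"Click here to keep your account active.",
])


if __name__ == "__main__":
    for label, raw in (("via vendor", SIMULATED_VIA_VENDOR),
                       ("look-alike", SIMULATED_LOOKALIKE)):
        print(label, "->", classify(raw),
              "header hits:", header_hits(raw),
              "From-only hits:", from_field_hits(raw))
```

The first sample is sorted to junk on the Return-Path and Received lines while a From-only rule misses it, which is the tip's point; the second sample passes the header rule untouched, which is the reply's point. The rule is a filter on what the test vendor happens to leave in transport headers, not a detection of phishing.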
Are you sure? Have you ever looked at the header of an email from knowb4 or phishme? The emails come from their own mail servers.
Yes, absolutely. We used to use knowbe4. I'm not saying they didn't do this in the past, but I know for certain they didn't when I checked.
There were obviously hints - the campaigns are designed to be detectable - but easy filtering was not one of them, that would be stupid.
Where I worked it wasn't enough to ignore those emails, we were supposed to hit a button flagging them as a phishing attempt.
That is why it goes to junk and is not deleted; you can still see them and report them.
So just have them tagged instead of junked and do the needful.
Hmmm, I did a lot of Outlook rules, but I don't remember an ability to run a script when a rule was met. Maybe I just never needed it though.
I mean just plonk them in a folder or tag them or whatever, and then you can manually perform the operation at your leisure.