whylo | 3 years ago

I think OP means that new hires are receiving actual spearphishing emails from attackers outside of the company, not that they're testing them by sending fake spearphishing emails. (I misread it as the latter at first too)

haswell | 3 years ago

I'm not sure if they ever did this during onboarding, but my former employer would regularly run fake spearphishing campaigns to raise awareness about spearphishing.

The number of people who regularly fell for it was worrisome. Falling for it meant auto-enrollment in a mandatory security awareness training. Failing to take the training would result in deactivation of the individual's network credentials.

I don't know if these campaigns are actually effective at changing people's behavior, but they certainly revealed how effective spearphishing is.

moepstar | 3 years ago

Ha - thanks for clarifying - now that I read it over again... you're probably right and it even makes sense to do so...