This Person Has Figured Out How To Outsmart The Required Phishing Training At Work

There are so many work things that could have been emails, and so many times we’re sitting in an all-day training that we could have read up on in under and hour.

When your work sends emails about how to tell whether or not you should open emails, though…isn’t that a little bit confusing?

OP think so – or at least, that’s what he wanted his boss to think.

They were supposed to be aware of what phishing emails looked like, and to “stay vigilant.” Additional training to follow.

3 months ago, My company had a 2 hour long seminar about e-mail phishing and how to prevent it. This seminar also included a update to our Email Software, Our software has a preview feature, If you hover over a link, It opens a preview of the link.

Anyway I got an email from our “IT Director” saying I was in violation of their internet policy by using social media (a main part of my job) and I was stupid and opened it.

It was a phishing test and they made me do another 2 hour long seminar.

When the email about training arrived, to OP, it had all of the hallmark signs of a phishing email – so he reported it.

That week, I get the following email from our director

SENT WITH HIGH IMPORTANCE

Subject: Phishing Email Test

Hello everyone,

This is a reminder to stay aware of phishing emails. Please review the PDF guide and take a short quiz (link) to test your skills by 5pm.

Thank you,

(IT Directors Name)

Now on this email attachment, One of the signs to report a email is if it is pressuring you to click a link. So I feel like that I should report this as phishing, So I did.

A follow-up arrived, telling them that any email from the director was not phishing, but since it still contained a suspicious link, he reported that, too.

And he wasn’t the only one.

I get this email from the director 1 hour later:

Subject: Reporting Emails

Hello Everyone,

We have received numerous phishing reports about the email about the phishing quiz. Please note, any email sent from: (insert IT director email here) is not phishing. We have included a new link for your convenience.

Thank you,

(IT Director Name)

To me, This email looks even more suspicious then the last one, So I do the natural thing and report it to “stay vigilant”.

This has been going on for two months and no one has completed the required quiz for their training.

I have been doing this over 2 months and everyone keeps getting an email saying that “This email is not phishing”.

Please don’t make us sit through two hour seminars.

What does Reddit think of this tactic? Let’s find out!

Head’s up or not, I think OP is doing the right thing.

This person says the post doesn’t even get to the best part.

This is what happens when a bunch of introverted nerds get together.

You can easily prove you don’t really need the training.

They say his trust issues are warranted.

I suppose we can call this a win/win, honestly.

Because they’re definitely grasping the material.