Ask Slashdot: How Harmful Are In-House Phishing Campaigns?

tiltowait writes: My organization has an acceptable use policy which forbids sending out spam. Every few months, however, the central IT office exempts itself from this rule by delivering deceptive e-mails to all employees as a test of their ability to ignore phishing scams. For those who simply delete the messages, they are a small annoyance, comparable to the overhead of having to regularly change passwords -- also done largely unnecessarily, perhaps even to the point of being another bad practice. As someone working in a departmental systems office, I can also attest that these campaigns generate a fair amount of workload from inquiries about their legitimacy. Aside from the "gotcha" angle, which perpetuates some ill will amongst staff, I can't help but think that these exercises are of questionable net value, especially with other countermeasures, such as MFA and Safelinks, already in place. Is it worth spreading misinformation to experiment on your colleagues in such a fashion?

Read more of this story at Slashdot.

from Slashdot https://ift.tt/3u0Rq6O

Share on FacebookPlus on Google+

SUBSCRIBE TO OUR NEWSLETTER