For us they just make the people that click them do some online training. I don't think anyone learns anything during that but I suspect not having to do the training serves as a great incentive to be careful.

It doesn't help though that we've had multiple cases of obvious phishing mails everyone just deleted that were followed up by a "no those mails were legit please click the link" by HR...

[–] Honytawk@feddit.nl 8 points 6 days ago* (last edited 6 days ago) (2 children)

That is what really irks me. People who write mails exactly like phishing mails.

Just some bland text asking for urgent action, with one link in the middle that is obscured. No signature, no company images, just a name at the bottom.

Better to delete those than to click on actual phishing mails though.

[–] Blackmist@feddit.uk 4 points 6 days ago (1 children)

And the link goes to one of the Office 365 things that asks you to sign in every single time for some fucking stupid reason.

[–] phoenixz@lemmy.ca 3 points 6 days ago

Microsoft and session management somehow always have been enemies.

It's not THAT hard, relatively, to do that well, but Microsoft really has been scraping the bottom of the barrel on that one since forever.

I mean, Microsoft sucks and everything, but session handling somehow is extra dumb. Up until about a year ago it was damn neigh impossible to have tso teams tabs open without shit stirring like crazy

[–] Rooster326@programming.dev 3 points 6 days ago

This is every single email that our IT department sends out. Fake Phishing, or extremely important.

"Please upgrade to windows 11 now! If you need assistance. Click here to login to request help"

Nope! You can't trick me