That Tuesday in March when a phishing test at my office in Austin went way too far

Our IT team sent a fake 'urgent payroll update' email that looked real, and over 60 people in our 200-person company clicked the link and entered their login info. I mean, it was meant to be a lesson, but it just made everyone feel stupid and scared for the whole week. How do you run a good security drill without wrecking morale like that?
3 comments

clairee88 2mo ago
Honestly, people need to toughen up a bit. So 60 people clicked a link, big deal. It's a fake test, not a real breach. The whole point is to show you how easy it is to mess up. @the_sandra calls it humiliating, but I call it a wake-up call. If you feel stupid for a week after a drill, imagine how you'd feel if your actual bank account got cleaned out. The fear is the lesson.
5
the_sandra 2mo ago
Totally get that feeling, our office did a similar fake invoice scam last year. It just makes people feel paranoid instead of teaching them anything useful. They need to make these drills helpful, not humiliating.
2
kaiblack 2mo ago
Clairee88 saying "the fear is the lesson" is a wild take. Scaring people into compliance just makes them resent the whole process. There's a way to teach this stuff without the week-long shame hangover.
0