The HR Department is not your friend.
So, office mate and I are well schooled at identifying phish-mails.
We give each other heads up on company generated emails that we are supposed to report using the app on the Outlook ribbon.
I’m usually the first, so I click on the App and tell my co-workers about the “gotchya” attempt.
Office buddy simply deletes the email.
Boss calls him up last week and says, “It’s policy to report these fake emails. You need to start doing that from now on.”
\Policy\ to participate in fakery devised by IT and HR.
Do it or get disciplined, comrade.
Which site is a phishing site?
I didn’t get disciplined, I just got a landing page that was , “Ha Ha, Go Phish!” And then a reminder to not click on links from outside sources. Which is kind of ridiculous, considering we use multiple third party vendor applications that send me dozens of email a day that require clicking on a link.
Here is how I fight back.
Anything suspicious at all, I report. A couple of months ago I had several of them running down an email I reported that ended up being sent from an internal IP, but they used poor practices and I saw it coming from an IO rather than URL. If they demand you report them, report them. Many of them.