SPAM vs. Phishing Infographic
Answered
After implementing the Phish Alert Button, our staff has been a little overzealous in reporting emails. As a govt agency we do get a fair share of unsolicited correspondence, including conferences, webinars, and anything that may relate to our agency's mission.
I would like to request an infographic that explains the difference between Phishing and SPAM emails. Similar to the *Social Engineering Red Flags* infographic. Just something I could attach when responding to tickets to help educate staff a little more.
Thanks!
-
Official comment
Hi Russell,
Thanks for this request. I've forwarded your idea to our design team so they can look into creating something like this in the future.
If you need anything else or have more ideas you'd like to share, please feel free to reply back.
Thanks!
Katie
KnowBe4Comment actions -
Hi Brian,
Thank you for your input! We currently have a training course on the roadmap for how to use the Phish Alert Button. This will clarify the difference between SPAM and phishing emails, specifying when users should and should not use the PAB. I will also add your idea of the Security Hints and Tips email template on this topic to the roadmap.
Thanks again!
Lauren
KnowBe4 -
Hi All!
We've released a training module that addresses this issue! This short module titled, Using the Phish Alert Button: Report Suspicious Emails, teaches viewers how to distinguish between spam, phishing, and spear phishing emails.
From your KnowBe4 account, you can search for "Phish Alert" in the Modstore to find this course.
We hope this helps!
Regards,
Lauren
KnowBe4 -
We have not pushed the button to our users yet due to the same reasons as everyone before me has raised. Is thee a recommended service such as Open Threat Exchange or Virus Total that we could use to do multiple checks for the emails that we will no doubt be sent by our users when they start clicking the button?
We expect that even a lot of people will not even read the email they receive about the difference of what SPAM and Phishing is even when it is explained to them. They will see it as the " All Mighty" button to get rid of the email they do not want and no need to click delete anymore, as it already moves it to that folder.
All ideas and input welcome.
-
Hi Charles,
Totally hear ya on this one! I included some details on this in my response to you in your thread (linked here if anyone else wants to see). While the PAB is not built with integrations for Open Threat Exchange or Virus Total, PhishER is compatible with the latter.
I hope this helps! Feel free to reach out if you have other questions or feedback to provide. :) Thanks!
Kaiser
KnowBe4
-
PhishML, as part of PhishER, is going to be your best friend if this is a problem for you. We have our rules setup such that, if the machine learning confidence level of the reported email causes it to be tagged as `PML:SPAM` and did not contain any infections according to VirusTotal, PhishER automatically resolves the reported email and replies to the user that the reported email was verified to be safe SPAM and thanks them for being cautious. This causes each time this occurs, to be a learning opportunity for the employee that reported SPAM.
Employees reporting SPAM is irritating, but I would rather our employees be overzealous and report everything that looks phishy, rather than relying on each employee to judge whether any given email has malicious intent.
KnowBe4 -- do I get any kickbacks for my gratuitous advertisement of PhishER??? lol. -
Hey Matthew!
Thank you for the glowing endorsement. While I can't personally offer you any kickbacks I did notify your Customer Sucess Manager that you're happy with the PER platform!
We appreciate your input on this and your willingness to help our other customers with best practices that work for you!
Please sign in to leave a comment.
Comments
18 comments