Notification to users - Phishing

Vastattu

John Sawyer

15. kesäk. 2017, 13.04

We traditionally send a warning message to all users when we see legitimate phishing attempts.  We normally do this after IT has received 3 or 4 notifications of the same phishing email.  

How do you handle this when you are doing a KnowBe4 phishing campaign?  I don't want to notify all of a possible phishing attempt or that alters statistics.  I don't want to not notify users or IT loses credibility for not alerting users.  

Thoughts?

1

• Virallinen kommentti

  

  Katie Brennan 16. kesäk. 2017, 15.44 (Muokattu 16. kesäk. 2017, 15.47)

  Hi Jes, 

  I'd love to hear how our other customers handle this. My recommendation would be to still encourage users to notify IT upon receiving potential phishing emails. A great, streamlined way to do this is to install our Phish Alert Button, where the user will be informed if the email was a simulated phishing test or a potentially real phishing email. 

  If you decide not to use the PAB, I would recommend congratulating the user for catching the email and notifying IT, and simply let them know it was a test and that they passed.

  Also, I wanted to let you know we have an active community over at Hackbusters where you may get more interaction from other customers on your post. It is located at https://discuss.hackbusters.com/

  Thanks, and happy phishing!

  Katie
  KnowBe4

   

  Kommenttitoiminnot Pysyvä linkki

Kirjaudu sisään jättääksesi kommentin.