Sure, a genuine phishing e-mail wouldn’t give a fuck. But fake phishing e-mails sent from an employer should give a fuck about retention and employee engagement. Drawing attention to how much you don’t care about your employees while exploiting their emotions isn’t all that conducive to maintaining a healthy workforce/morale.
There are ways to demonstrate the lengths bad actors are willing to go without being a douche.
As an example, find out something the employer actually will be doing (or already does) and pre-empt it with a related, but not identical, phishing test. After the test has elapsed, send a follow up explanatory e-mail, with genuine content e.g. “We won’t pay you $10,000,000 to have a baby, but did you know about our generous maternity leave package?”
That implies they care about our feelings. When actually they want us to remember we only get paid if we’re of pecuniary value to them. Even at a good company like mine.
Sure, a genuine phishing e-mail wouldn’t give a fuck. But fake phishing e-mails sent from an employer should give a fuck about retention and employee engagement. Drawing attention to how much you don’t care about your employees while exploiting their emotions isn’t all that conducive to maintaining a healthy workforce/morale.
There are ways to demonstrate the lengths bad actors are willing to go without being a douche.
As an example, find out something the employer actually will be doing (or already does) and pre-empt it with a related, but not identical, phishing test. After the test has elapsed, send a follow up explanatory e-mail, with genuine content e.g. “We won’t pay you $10,000,000 to have a baby, but did you know about our generous maternity leave package?”
That implies they care about our feelings. When actually they want us to remember we only get paid if we’re of pecuniary value to them. Even at a good company like mine.