• 0xD@infosec.pub · 5 points · 5 days ago

    Do you feel like you should be excluded? Did you get the results afterwards?

    I often conduct phishing tests for customers where only 1 or 2 people are in the loop to cover as many peepz as possible.

    • vodka@lemm.ee · 12 points · 5 days ago

      If it was conducted properly, it would have been fine to not inform me.

      They made it way too hard to spot that anything was off until after you’d clicked something in the email, combined with blasting 2000+ people with the email at the same time.

      Our employees are trained to call the helpdesk ASAP at any sign of a potential issue where their credentials may have been stolen. Hundreds of people called in the first 10 minutes of the email being sent out because they had opened the email and got scared, so they called. I got called in from my vacation by one of the people on my team, and I called everyone else in from vacation.

      I should’ve absolutely been informed about this. But considering how fucking dumb whoever did the test was, I’m not surprised I wasn’t. The KPMG consultant who was clearly not an infosec person at all got fired after this.