irelephant [he/him]🍭@lemm.eeM to iiiiiiitttttttttttt@lemmy.worldEnglish · 6 days agoThe devil did this.lemm.eeimagemessage-square125fedilinkarrow-up1986arrow-down112
arrow-up1974arrow-down1imageThe devil did this.lemm.eeirelephant [he/him]🍭@lemm.eeM to iiiiiiitttttttttttt@lemmy.worldEnglish · 6 days agomessage-square125fedilink
minus-squareDigitalDilemma@lemmy.mllinkfedilinkEnglisharrow-up3·5 days agoThis is not reliable. Phish training companies are using a huge variety of domains, including look-alikes relevant to the test - including valid spf/dkim/dmarc configurations. Exactly as real phishers do - and there’s no effective way to automate their filtering.
minus-squareslazer2au@lemmy.worldlinkfedilinkEnglisharrow-up2arrow-down1·5 days agoAre you sure? Have you ever looked at the header of an email from knowb4 or phishme? The emails come from their own mail servers.
minus-squareDigitalDilemma@lemmy.mllinkfedilinkEnglisharrow-up4·5 days agoYes, absolutely. We used to use knowbe4. I’m not saying they didn’t do this in the past, but I know for certain they didn’t when I checked. There were obviously hints - the campagns are designed to be detectable - but easy filtering was not one of them, that would be stupid.
This is not reliable.
Phish training companies are using a huge variety of domains, including look-alikes relevant to the test - including valid spf/dkim/dmarc configurations. Exactly as real phishers do - and there’s no effective way to automate their filtering.
Are you sure? Have you ever looked at the header of an email from knowb4 or phishme? The emails come from their own mail servers.
Yes, absolutely. We used to use knowbe4. I’m not saying they didn’t do this in the past, but I know for certain they didn’t when I checked.
There were obviously hints - the campagns are designed to be detectable - but easy filtering was not one of them, that would be stupid.