Neat thing I learned at a past company. The phishing emails had links (the ones you aren’t supposed to click on) that either contained the email address of the person getting tested, or it pulled it somehow. It was really easy to figure out where that information needed to go in the URL. This is how tracking “failures” was tested and reported. I would just put in the email address of people from the opsec team into that url, copy it, and paste it into one of those global website testers that checked if a site was available from different countries around the world (I’m assuming using some kind of VPN).
Theoretically it should have given these people failures in their own tests, and also come from all sorts of weird locations globally.
Not sure if it actually did, but I like to think I wasted at least some of their time.
Neat thing I learned at a past company. The phishing emails had links (the ones you aren’t supposed to click on) that either contained the email address of the person getting tested, or it pulled it somehow. It was really easy to figure out where that information needed to go in the URL. This is how tracking “failures” was tested and reported. I would just put in the email address of people from the opsec team into that url, copy it, and paste it into one of those global website testers that checked if a site was available from different countries around the world (I’m assuming using some kind of VPN).
Theoretically it should have given these people failures in their own tests, and also come from all sorts of weird locations globally.
Not sure if it actually did, but I like to think I wasted at least some of their time.
Never got in trouble for it so who knows.
This is ingeniously spiteful and I love it.