- A jetlagged Troy Hunt accidentally clicked a link and logged into an account only to realise he had been phished.
- Despite reacting quickly, attackers were able to export a mailing list for Hunt’s personal blog.
- Hunt has detailed the attack and warned his subscribers in a timely fashion.
You must log in or register to comment.
If you look at the headers, you can tell which ones are fake phishing and real phishing.
Please explain
Most companies add an email header like “X-PHISHTEST” to the phishing tests (and a corresponding spam filter rule) to ensure they don’t get caught by spam filters. If you look at the headers of a spam email, the company test emails will have that header.
Any company that does that needs to be sent on a mandatory awareness training for failing an obvious fake phishing exercise. It’s far too easy to whitelist that and send it to an “ignore” folder.
