Thread with 6 posts
you know it's a corporate phishing test email when they have to add a fake “this message has originated from an external source” banner because they had to make the sender trusted
every time i get one of those i kinda want to click the links to be contrarian because they're such a distinct species of email. no real phishing email would pretend to be from a sketchy hr department domain i've never heard of. they would simply pretend to be ServiceNow
@hikari gfdi is the rest of the industry _this_ behind??? wtaf
@hikari Or they would pretend to be from KnowBe4 or some other paid phishing company. Most such services have an “Allow this sketchy email through the filtering and deliver it right to the user’s inbox” header, and these headers are well-known, so a real phishing attempt would use them too.
I just run a script on the mailserver which looks at the last five messages or so in my inbox, checks for the header, and automatically flags it as phishing.
@hikari Apparently those banners are not added to PGP-signed messages, and the detection algorithm just looks for "---- BEGIN PGP SIGNED MESSAGE ----" at the start of message…
@jernej__s lmfao