- cross-posted to:
 - security@lemmy.ml
I would be more interested in a study of people entering credentials or taking other risky actions after clicking.
Yes, people whose job includes lots of link clicking are going to click links.
And one obvious but good conclusion: invest in mandating MFA for sensitive actions.
Totally agreed, I get it’s easier to consider it a fail if you open the link, and that simply opening a random link has some inherent risk, but there should at least be a fake page to enter credentials and evaluate how many people actually go through with that, and break that out as a CRITICAL where the other clicks are HIGH or MEDIUM status, to classify the risk.
Also, this is just an anecdote, but in a similar phishing simulation I helped with, we had to bypass filters for rejecting emails with links for websites registered in the last 60 days. Obviously this isn’t a foolproof way to prevent phishing attempts, but it does cut out a lot of junk, and we’ve indirectly been training employees to not deal with that.
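The newly-registered-domain rule mentioned above, as an added example (not code from anyone in this thread or from any mail product): extract the links in a message, reduce each to its registrable domain, and reject the message when any linked domain is younger than 60 days. Registration dates normally come from WHOIS/RDAP; a constructed lookup table and a constructed sample email stand in here so it runs offline, and the two-label domain reduction is a deliberate simplification of Public Suffix List handling.

```python
from datetime import date
import re
from urllib.parse import urlparse

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
MIN_DOMAIN_AGE_DAYS = 60  # the threshold the thread describes

# Constructed, hypothetical registration dates standing in for a WHOIS/RDAP lookup.
REGISTRATION_DATES = {
    "example.com": date(1995, 8, 14),
    "payroll-update-portal.example": date(2024, 5, 20),
}

# Constructed sample message: one old domain, one registered three weeks earlier.
SAMPLE_EMAIL = """Hi, your payslip is ready: https://hr.payroll-update-portal.example/login
See also https://www.example.com/policy for details."""


def registrable_domain(url: str) -> str:
    """Reduce a URL's host to its last two labels (naive; real code uses the Public Suffix List)."""
    host = (urlparse(url).hostname or "").lower().rstrip(".")
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def domain_age_days(domain: str, today: date):
    """Age of the registration in days, or None when the registry has no record of it."""
    registered = REGISTRATION_DATES.get(domain)
    return None if registered is None else (today - registered).days


def young_domains(body: str, today: date, min_age: int = MIN_DOMAIN_AGE_DAYS) -> set:
    """Linked domains that are younger than min_age days.

    Unknown domains are flagged as well (fail closed): a lookup failure must not
    let a fresh domain through.
    """
    flagged = set()
    for url in URL_RE.findall(body):
        domain = registrable_domain(url)
        age = domain_age_days(domain, today)
        if age is None or age < min_age:
            flagged.add(domain)
    return flagged


def should_reject(body: str, today: date) -> bool:
    """Gateway decision: reject when at least one linked domain is too young."""
    return bool(young_domains(body, today))
```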