Which ends up being darkly hilarious when they're whitelisted, leading to a situation where literally every "phishing attempt" an employee ever sees is a fake crafted to conform to the stereotypes given in the training.
My employer uses PhishMe. Every "phishing attempt" I see is from my own employer. It is not adaptive. They don't scale up the apparent sophistication of the attack if previous attempt didn't work. So I am continually getting e-mails from "HR" asking me to update my contact info, or from "Expense Reports" asking me to verify some info to get reimbursed for my travel expenses.
Indeed. I setup a rule in outlook to look for knowbe4 in the header to dump those. Although, to be fair, I doubt it is the devs they are worried about.
