This story is so unbelievable I just had to share it with all of you.
So I received an email this afternoon from Payroll with a title of “Confirmation of bank account”, and upon simply seeing the entry my antennae were twitching. I selected the email cautiously and, hovering over the links and looking at the footer and the contact details of the person sending the email, it all checked out. Having read the body, it didn’t really make much sense: the grammar was a little off, the sentences did not seem to make much sense, and then there was a docx attachment, so 2 red flags - must be a phish, or someone else in the company has maybe enlisted KnowBe4 without my knowledge to test whether, as a security professional, I follow the same rules I expect others to follow - how cunning!!
So I rang the person in Payroll directly, asking if they had sent the email, and they said they had and seemed a little surprised that I thought it was not genuine. I pointed out the various elements which raised the red flags and, without seeing the person's face, I imagined a blank stare on their face.
I think another round of training is called for.