Users afraid to open email


We have been conducting phishing training for a while with good results. Some of our tests spoof real people in HR, Finance, etc., which mirror actual hacking events that we have experienced. These tests contain red flags but are difficult to distinguish from real messages.

We now seem to have gotten people so nervous that they often won’t open legitimate internal messages, especially those broadcast to a large audience (such as from HR).

Have you experienced this unintended consequence? Any advice, like maybe implementing standard message templates for internal broadcast messages?


We ran into the same thing in my organization. What we did was have all external email get an EXT tag added to the subject line. This is not perfect, but most, if not all, emails for most employees should also be internal emails and not from an external source. This has helped our employees tremendously.

(Howard) #3

There is a popular thread discussing EXTERNAL TAG here on this subject that might be helpful.
External Tag On Emails


Our worst phishing events have been when an employee’s email account was compromised and the hacker used that account to broadcast a phishing message to all employees. So these are internal messages, not external.

I’m not concerned about people being hesitant to open an external message. My problem is when employees are afraid to click on a link in a legitimate message from HR or Payroll, thinking it may be a spoof.

(Paul Prunty) #5

I think an important part of this is: How does a person recognize a normal correspondence from other entities in the company?

Some cues could be:

  • Standardized signatures used for internal vs. external communications.
  • Clear messages that explain content and don’t come across like a Nigerian Prince who would like you to view his list of goodies for you in the attached document.
  • Links to files on internal shares instead of attachments.
  • Announcements of intentions to send certain types of files at certain times (if they are out of band with normal operations).