Reply to post: Pot Kettle Black

Your anti-phishing test emails may be too easy to spot. NIST has a training tool for that


Pot Kettle Black

I used to work at NIST. I once got an email asking for loads of personal details for (I think) a weather warning system. The email was signed by NIST personnel, but sent from an external account. BAM! I sent it to the phishing alert email. I got a very snarky response telling me that NIST had contracted this company to help with the warnings, as such emails will come from them and that I should have given them my details by now. I protested and said that these "legitimate" emails that look like a phishing scam train everyone to do the wrong thing (and I assume others did too). Then never responded to me directly instead they sent a NIST-wide email around to confirm that we were meant to click on the link, and complained about those who were wasting time by claiming it might be a phishing scam...

Great research happens at NIST, but many of the people who run the IT services there are painfully incompetent.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon


Biting the hand that feeds IT © 1998–2020