Let’s punish phishing victims… er, you want to do what?!

There is a big, hairy elephant in the room when it comes to phishing: many organisations believe that it’s okay, or right, or that they have no choice other than to punish people who repeatedly fail phishing simulations. Are they right? Before we answer that, let’s remind ourselves exactly what phishing is.

What is phishing?

According to the NCSC, phishing… “describes a type of social engineering where attackers influence users to do ‘the wrong thing’, such as disclosing information or clicking a bad link.…


