I treated this as spam, not phishing. There was no attempt at spoofing another entity, no request to log in to anything, so I deleted it immediately.
I received this email and I can tell you exactly why I failed the test, what was going through my mind when I read the most recent test email. I had received a previous email a couple of weeks earlier that I thought suspicious for phishing. I reported the previous suspicious email, and received a response back that it was a false alarm, that because the email did not ask me for any personal information, it was not a phishing attempt but rather spam. So when I got the latest test email, and it did not ask for any personal information, I figured it was safe, not worthy of reporting, opened it, and BAM, fail. I am now more confused than ever about what to look out for and what to report.
I also opened this because I had recently read about the whole idea of our supervisors sending more thank yous to their staff and thought that is what it was in an effort to save time and money. And yes, there is a difference when defining spam and phishing emails. Don't tell us one way to identify something and then include more to the definition and then tell us we failed.
Mayo Clinic has an E-Card site you can go to (http://mayoweb.mayo.edu/humanresources-recognition/ecards.html) to recognize your co-workers. It comes to your email in the same fashion the phishing email did. You have to click a link to a non-Mayo website to view the e-card. I heard some of my co-workers clicked on the phishing email because they thought it was one of these.
"More than 75 percent of recipients fell victim to the campaign email." Did 75% actually open the email, or is that a combined opened and/or deleted the email? I got a "congrats" pop up when I clicked the "phish" button after searching for one of the older links about how to recognize phishing versus spam to see if you wanted us to report that type of email or not, but I was a little disappointed that it wasn't easier to find a FAQ/what to do on the Help Desk homepage as that was the first place I checked. This is what I used: http://intranet.mayo.edu/charlie/office-information-security/how-to-spot-a-phish/, but I think this link is even more helpful: http://newsletters.mayo.edu/newscenter/Article.aspx?contentID=DOCMAN-0000163198
I clicked the "Report Phishing" button and nothing happened. I didn't receive a "congratulations" or any other acknowledgement that I had reported anything. A few minutes later, I just deleted the message without opening.
This seemed like more of a spam message than phishing, since it didn't ask for personal information. I immediately deleted it, which is Mayo's recommendation for spam mail. So if I was included in the 75% of "failures", I don't know that this number is accurate.
That's what I thought, Kellie! Either that or this is evidence that we need an e-card recognition system; apparently a lot of people feel pretty happy when they see that come up in their e-mail!
I totally agree. I understood phishing as an email attempting to get sensitive information. This one didn't ask for sensitive information. So I assumed it was just a link to something else harmful, but I never got the impression that the phishing button was for all ill-intentioned emails.
I'm with Kellie. That's exactly what I did. I have received e-cards before in my email from coworkers as a thank you. It didn't ask me for any personal information so I didn't think it fit the criteria for phishing.
I deleted it and never opened it but don't think that counted. I think you actually had to push the fish and whoever didn't failed.
Curious what happens if Phishing is reported and the email is, in fact, NOT a phishing attempt. Will the email/content be returned to the intended recipient? Thank you!
I did not have that option, so I just deleted it.
The fact that so many people fell victim to this particular e-mail speaks volumes about how so many individuals are feeling undervalued and overworked. Many people I know of opened it because they wanted the validation of hearing they were doing a great job. They were starved for affirmation and wanted to know all of the stress they've been under is worth it.
I also received this email and never opened it, but thought it suspicious. I usually view my emails on my iPhone. I did just look on Outlook on my computer and don't see a phishing button. Is this feature available to everyone?
Unfortunately, I'm one of Mayo's Apple Mac users, and we didn't get the Phishing button. I received the attack e-mail, but deleted it because I don't have the option of clicking on the fish. Was I counted in the 75%, even though I didn't fall victim to the phishing attempt?
I typically mouse over the link in Outlook to determine if it is legit. On an iPhone/iPad, there is no way to mouse over any links. Also, this email about a job-well-done e-card seemed like a legitimate thing that someone at work would do, so I am not surprised that so many people failed the test.