On 11/13/23 12:29 PM, Mel Beckman wrote:
We use KnowBe4.com's user training. That's really the only way you can fight this, since its a human problem, not a technical one. These guys provide fully automated, AI based (well, who knows what that means) simulated phishing attacks, largely to give users real-world practical experience detecting and fending off attacks. You get a report card on each users to, so you know where the weaknesses are in your staff knowledge. Their training regimen includes some pretty good self-guided instructional videos.

DMARC, SPF, digitally-signed emails, encryption, none of that matters if a user can be tricked into letting the crooks in the front door.

I think that both are needed, to be honest. The signatures can be a tool in the user's arsenal but if they are clueless and gullible there isn't much you can do about that.


Mike