Phishing simulations
Here are some references I use to support my negative view of phishing simulations [1]:
Perspectives:
- Sean Cassidy: Phishing simulations considered harmful
- Jamie Finnigan: Simulated phishing is not so great
- Yahoo Paranoids: Stop Giving Impossible Advice: Telling People to Watch Out for SUSPICIOUS EMAILS is Nonsense.
- Jacob Kaplan-Moss: Don’t include social engineering in penetration tests
Research:
[1] Instead, roll out WebAuthn/YubiKeys.