www.pcmag.com Open in urlscan Pro
104.16.21.118  Public Scan

URL: https://www.pcmag.com/news/google-stop-trying-to-trick-employees-with-fake-phishing-emails
Submission: On September 27 via manual from US — Scanned from CA


Text Content

GOOGLE: STOP TRYING TO TRICK EMPLOYEES WITH FAKE PHISHING EMAILS

According to a Google security manager, simulated phishing tests are outdated
and more likely to cause resentment among employees than improve their security
practices.

By Michael Kan
May 22, 2024
(Credit: Just_Super via Getty)

Did your company recently send you a phishing email? Employers will sometimes
simulate phishing messages to train workers on how to spot the hacking threat.
But one Google security manager argues the IT industry needs to drop the
practice, calling it counterproductive. 

"PSA for Cybersecurity folk: Our co-workers are tired of being 'tricked' by
phishing exercises y'all, and it is making them hate us for no benefit," tweeted
Matt Linton, a security incident manager at Google.

Linton also published a post on the Google Security blog about the pitfalls of
today’s simulated phishing tests. The company is required to send fake phishing
emails to its employees to meet the US government's security compliance
requirements.

In these tests, Google sends an employee a phishing email. If the worker clicks
a link in the email, they’ll be told they failed the test and will usually be
required to take some sort of training course. However, Linton argues that
simulated phishing tests can lead to harmful side effects, which can undermine a
company’s security. 

"There is no evidence that the tests result in fewer incidences of successful
phishing campaigns," Linton said, noting that phishing attacks continue to help
hackers gain a foothold inside networks, despite such training. He also pointed
to a 2021 study that ran for 15 months and concluded that these phishing tests
don't "make employees more resilient to phishing."

Example of phishing email (Credit: Michael Kan/PCMag)

In Google’s case, Linton noted its own simulated phishing tests don't always
accurately reflect how an attack will appear in an employee's inbox. That’s
because these emails need to bypass the company’s existing anti-phishing
defenses to work. "This creates an inaccurate perception of actual risks, [and]
allows penetration testing teams to avoid having to mimic actual modern attacker
tactics," he said. 



The other problem is that simulated phishing tests can annoy employees, and lead
to resentment. "Employees are upset by them and feel security is 'tricking
them,' which degrades the trust with our users that is necessary for security
teams to make meaningful systemic improvements and when we need employees to
take timely actions related to actual security events," he added. 

In Linton’s view, simulated phishing tests are like forcing workers to quickly
evacuate a building during a fire drill — except that real smoke and fire are
being blown through the premises. "Once outside, if you took too long you're
scolded for responding inappropriately and told you need to train better for
next time. Is this an effective way to instill confidence and practice fire
evacuation?" he added on LinkedIn.

Linton’s larger point is that it’s impossible to “fix” people and prevent them
from clicking on phishing messages. It’s why companies need to invest in
anti-phishing technologies, such as hardware security keys and passkeys, to
stamp out the threat in the first place.

But that doesn’t mean companies should abandon phishing tests either. Instead,
he’s advocating companies adopt more transparent and instructive phishing
training that drops such shaming. This could involve sending out an email that
flat-out tells the users “I am a Phishing Email. This is a drill — this is only
a drill.”

(Credit: Google)

The email would then remind the user how to recognize potential phishing
emails and that they need to report them to the company’s IT security team,
with instructions on how to do so. “There’s no need to make this
adversarial, and we don’t gain anything by ‘catching’ people ‘failing’ at the
task. Let's stop engaging in the same old failed protections,” he added.

