Pete's Log: Phish Me
Entry #2648, (Coding, Hacking, & CS stuff)(posted when I was 46 years old.)
We continue to get regular phishing tests. And they continue to get filtered into a separate folder. A couple days ago I got one that didn't include any links to click on, so I guess the "fail" scenario is if you reply to the message?
It's a slightly sketchy message in that it's from a random gmail address, but it does ask a valid question and I know we all have to be vigilant these days, but man...
Anyway, I was curious enough to take another look at the email headers, and there's all kinds of spam headers about SPF failures, but I guess the X-PHISH-WHATEVER header takes precedence and forces the message through. Although I just found the vendor website and they actually recommend against whitelisting by header. So hopefully we're whitelisting by some other criteria.
So maybe it's all OK after all.