Phishing - The Day I Reported Genuine Email

Phishing – The Day I Reported a Genuine Mail as Phishi

If you have spent enough years in a corporate office, chances are you have unknowingly participated in a phishing game you never signed up for…

The game is called… “Is this a genuine email… or a phishing simulation?” 😊😉

And unlike most games… getting the answer wrong comes with consequences…

Tell me honestly…How many times have you clicked a suspicious-looking email only to realize… oops… it was a phishing simulation? Come on… be honest…In my initial years of career, I clicked almost every phishing simulation email that landed in my inbox…

Free voucher…? Click! 💥

Training…? Click! 💥

Urgent action required…? Click! 💥

Important-looking notification from admin…? Click! 💥

Basically… if there was bait, I somehow managed to take it. 😂

Within seconds… boom… a page pops up saying I clicked on a simulated phishing email and now I need to complete mandatory cybersecurity awareness training…😒

Phishing Email Example

There goes the rest of my day…

Thankfully the training was private. Otherwise, I would probably have featured on some internal leaderboard by now.😂

The training itself wasn’t too bad… but those long videos followed by quizzes always felt like punishment…And I might actually be the only person who managed to fail the quiz and retake the training…Not because the questions were difficult…

But because I confidently fast-forwarded through most of the videos and jumped straight to the questions…

I thought common sense would carry me through…Apparently… the training team had already planned for smart people like me…

Looking back, I’m pretty sure I spent enough time on phishing awareness training to comfortably complete my annual training hours goal.

At one point I was getting caught so frequently, I was tempted to add a personal objective for the year…

“Successfully click 12 phishing emails.” Target achieved. 🎯

Phishing Email Passed Successfully

After getting caught enough times… pain became the greatest teacher…I started checking sender names…Hovering over links before clicking…Double-checking unexpected requests…

The Phishing Reporter button in Outlook slowly became one of my favourite buttons… not because I loved cybersecurity.

But because I had absolutely no interest in attending another round of training…

Over time, I became incredibly cautious.

Every suspicious email was immediately reported.

Every strange subject line was treated like a crime scene.

Every unexpected attachment became guilty until proven innocent.

Eventually, I reached what I considered cybersecurity enlightenment.

Month after month.

Year after year. Not a single phishing simulation caught me. 100% success rate.

In fact, in one of the companies I worked for, I even earned reward points for successfully identifying and reporting phishing simulation emails…

For someone who used to click almost every trap in sight… this felt like winning an Oscar in cybersecurity.

By this point… I genuinely believed I could identify a phishing email from three kms away…

Little did I know…Then came the day that humbled me! One fine morning… an email landed in my inbox.

At first glance… something felt off. The wording looked weird…The request felt odd…My inner phishing radar immediately started screaming.

Suspicious… suspicious… suspicious…

Without giving it much thought, I confidently clicked Report Phishing. Done. Case closed. Another fish caught…

A little later… I discovered the truth…The email was completely genuine.

Sent by a real person from corporate communication team. Asking all employees to take some action to complete the forms. 

Oops…It was the most embarrassing moment in my life. Somewhere along the way, healthy caution had quietly evolved into professional paranoia…

After years of avoiding phishing simulations, I had reached a stage where even genuine emails had to work hard to earn my trust…😄😄

Looking back… that moment taught me something interesting!

Experience teaches us what to watch out for.

Wisdom teaches us when not to overreact.

Read my other blog posts here.

Similar Posts

Leave a Reply

Your email address will not be published. Required fields are marked *