I'm not sure if they ever did this during onboarding, but my former employer would regularly run fake spearphishing campaigns to raise awareness about spearphishing.
The number of people who regularly fell for it was worrisome. Falling for it meant auto-enrollment in a mandatory security awareness training. Failing to take the training would result in deactivation of the individual's network credentials.
I don't know if these campaigns are actually effective at changing people's behavior, but they certainly revealed how effective spearphishing is.
The number of people who regularly fell for it was worrisome. Falling for it meant auto-enrollment in a mandatory security awareness training. Failing to take the training would result in deactivation of the individual's network credentials.
I don't know if these campaigns are actually effective at changing people's behavior, but they certainly revealed how effective spearphishing is.