In the same vein, every corporate "security training" email I've received that's been outsourced to a third party vendor looks indistinguishable from spam and phishing, the exact things it goes on to train you not to open. I scare-quote that because they're universally worthless training programs used to tick boxes on compliance forms and not actual training, so I happily flag them as spam.
I've also recieved company-wide corporate gifts (like $5 digital gift cards) distributed through extremely spammy looking vendors with dubious looking links.
The same goes for the overwhelming majority of vendors, recruiters, and outsourcing companies that are cold-emailing me, it all looks like 50 shades of scam.
Yes, this! I had an email from a 3rd party telling me about required training, click the link and use my employee credentials to log in.
Other training has been posted as a to-do in our individual HR account portal, and this was an external site, so it set off warning flags. Not only that, the name of the 3rd party was a legit company, but the site the email linked to was not that company's domain. Big red flag! Curious as I am, I run whois on both domains. Completely different registration info!
So, confident I've identified a phishing attempt and concerned it might have been shotgunned to many people, I notify the appropriate people. Was it a scam? Nope! In fact the person I notified was quite frustrated because a month earlier there had been an email that, sometime in the future, there would be $X training coming up. Yeah, a month later I had no recollection of a generic HR notification that (when I looked in my archive) made no mention that it would not be using the standard secure MFA HR portal used to link out to all other training.
This was all about 4 months after a similar required security training, which was accessed via the usual HR portal, and which listed about half a dozen phishing red flags that the new training violated. But not to worry, my workplace takes security seriously. I guess their seriousness is just very unevenly distributed. It's a good thing we're not really a high value target for hackers.
I've also recieved company-wide corporate gifts (like $5 digital gift cards) distributed through extremely spammy looking vendors with dubious looking links.
The same goes for the overwhelming majority of vendors, recruiters, and outsourcing companies that are cold-emailing me, it all looks like 50 shades of scam.