Yes, this! I had an email from a 3rd party telling me about required training, click the link and use my employee credentials to log in.
Other training has been posted as a to-do in our individual HR account portal, and this was an external site, so it set off warning flags. Not only that, the name of the 3rd party was a legit company, but the site the email linked to was not that company's domain. Big red flag! Curious as I am, I run whois on both domains. Completely different registration info!
So, confident I've identified a phishing attempt and concerned it might have been shotgunned to many people, I notify the appropriate people. Was it a scam? Nope! In fact the person I notified was quite frustrated because a month earlier there had been an email that, sometime in the future, there would be $X training coming up. Yeah, a month later I had no recollection of a generic HR notification that (when I looked in my archive) made no mention that it would not be using the standard secure MFA HR portal used to link out to all other training.
This was all about 4 months after a similar required security training, which was accessed via the usual HR portal, and which listed about half a dozen phishing red flags that the new training violated. But not to worry, my workplace takes security seriously. I guess their seriousness is just very unevenly distributed. It's a good thing we're not really a high value target for hackers.
Other training has been posted as a to-do in our individual HR account portal, and this was an external site, so it set off warning flags. Not only that, the name of the 3rd party was a legit company, but the site the email linked to was not that company's domain. Big red flag! Curious as I am, I run whois on both domains. Completely different registration info!
So, confident I've identified a phishing attempt and concerned it might have been shotgunned to many people, I notify the appropriate people. Was it a scam? Nope! In fact the person I notified was quite frustrated because a month earlier there had been an email that, sometime in the future, there would be $X training coming up. Yeah, a month later I had no recollection of a generic HR notification that (when I looked in my archive) made no mention that it would not be using the standard secure MFA HR portal used to link out to all other training.
This was all about 4 months after a similar required security training, which was accessed via the usual HR portal, and which listed about half a dozen phishing red flags that the new training violated. But not to worry, my workplace takes security seriously. I guess their seriousness is just very unevenly distributed. It's a good thing we're not really a high value target for hackers.