Skip to main content
For Legal Professionals
Find a Lawyer
Please enter a legal issue and/or a location
Begin typing to search, use arrow keys to navigate, use enter to select

Find a Lawyer

More Options

Send Fake 'Phishing' Emails to Test Employees?

By Andrew Lu on April 03, 2013 | Last updated on March 21, 2019

Some employers are sending fake "phishing" emails to test their employees' safe computing practices. Should you do it too?

One of the most popular fake "phishing" emails pictures a Turkish Angora cat with a purple mohawk and the subject, "Check out these kitties! :-)" The email includes an attachment or link promising more feline photos. But workers who click it get a surprise: A warning from their IT departments not to open such emails, reports The Wall Street Journal.

Why are employers doing this? Because many realize that it's not foreign hackers who cause the most harm to their networks and databases. Instead, it's employees who open suspicious emails and unwittingly invite viruses onto work computers.

While these fake phishing emails may seem like a lot of effort just to teach your employees a simple lesson (i.e., don't open unknown emails or attachments), there may be some validity for using such methods. For example:

  • Getting caught red-handed may be more memorable than a training session. Many workers listen to a presentation on a topic like cybersecurity and think to themselves that it will never happen to them. But the reality is that we do occasionally open these emails whether out of boredom, curiosity, or sloppiness. By getting caught red-handed, you have a stark reminder that it can happen to you.

  • Realistic tests show how "phishing" works in real life. For some less computer-savvy workers, they may not understand exactly why it's so risky to open attachments or click on email links. By going through this fake "phishing" exercise, these employees can learn first-hand what not to do.

  • Such tests may encourage your workers to be more careful. Just realizing that someone is watching and monitoring employees' Internet use may instill fear and cause workers to be more careful with their email and web-browsing activities on the job.

The company behind the fake cat "phishing" email, PhishMe Inc. of Virginia, says about 3.8 million workers have received the cat email in their inboxes. Such exercises can reduce an organization's risk of falling for "phishing" scams by about 50% in the first six months, according to PhishMe's website.

Follow FindLaw for Consumers on Google+ by clicking here.

Related Resources:

You Don’t Have To Solve This on Your Own – Get a Lawyer’s Help

Meeting with a lawyer can help you understand your options and how to best protect your rights. Visit our attorney directory to find a lawyer near you who can help.

Or contact an attorney near you:
Copied to clipboard