Customer Reports: "GSuite Makes Phishing Training Unnecessarily Hard..."



1014px-New_Logo_Gmail.svgCustomers report to KnowBe4 that they have issues with gmail and their security awareness training program.

I am stepping onto my soapbox here, because this is an industry-wide problem, not just with KnowBe4 customers.

Here is an example. Google, are you listening?

"It has been very frustrating working through Google Mail (GSuite for Business) in this regard, ironically because their own fraud and phishing filters have been improving.  Improving, but not perfect... 

"When new tactics appear, or particularly when the fraud is being sent from compromised accounts at companies that our staff have worked with in the past, Google trusts those messages and won't flag them as potentially fraudulent until/unless some critical mass of those messages are sent to other GMail recipients -- usually too late to be of practical use. 

"The problem is that those phishing attempts are precisely the sort we need to train our staff to spot, question and report!!  We started working with KnowBe4 to train our employees and get them used to seeing such targeted phishing / spear-phishing attempts, and the platform, in general, is very good at doing just that. 

"The problem with our main-office staff is that Google pretty reliably catches KnowBe4 messages as "fraud", even as it FAILS to catch a substantial portion of the real problem messages.  So the only "training" our staff receive is from the real-world bad guys, where failure cannot be an option!

"It would be fantastic if there was a way to whitelist / de-flag / trust security awareness training messages from the Gmail filters on our domain, or somehow understand how to craft our training templates so that we don't rise above the flagging threshold. 

"But I understand that this is a "Google problem", not a KnowBe4 problem... they provide mechanisms to exempt senders from spam controls, but there doesn't seem to be any mechanism to exempt from fraud/virus/phishing ones, so we welcome any advice here. Thanks for your assistance!" ~Jim

Google, this is a request that will help protect our critical infrastructure. Please take some action and make this a reality.

Your billion+ users will thank you!

Warm regards,

Stu Sjouwerman,

Founder and CEO, KnowBe4, Inc.

NewStu-6

 




Subscribe to Our Blog


Comprehensive Anti-Phishing Guide




Get the latest about social engineering

Subscribe to CyberheistNews