My It department does mandatory phishing training every year, and then for the "test" e-mails, they spoof a domain and whitelist the DMARC on their side so it goes through.
So we get e-mails from @microsoft.com and it's only if you dig in the metadata that you see it failed authentication. The only tell in the e-mail is checking the URL, which doesn't tell you much because tons of regular e-mails use tracker redirects too. They even send emails from our own domain or the domain of our payroll company.
I won't type out my rant, but our IT department is a few guys who couldn't figure out what to do when their competitive xbox FIFA 2006 dreams failed, heard IT pays a lot with not much work, and then sat through the certs.
I know teachers that make $50k and no pension, with others making $93k, halfways to their pension at 35yrs old, get almost 12 weeks off total a year, and work from 8am to 3pm (1 hour lunch, 1 hour for 'prep' aka Netflix) and home by 335, and no, they basically never do any work at home. She technically has students (10 year olds she sends links to for their chrome books) about 5x53 minutes a day.
That sounds like a good semi-retirement gig just to get out of the house for a little while. If you're teaching the tech-related electives rather than mandatory core courses, the students are likely a lot more pleasant to deal with. I took German just to get away from the all the kids taking Spanish or French who were just there because they have to get their foreign language credit.
Yes, just what we need, retired people with a whole career of making income behind themselves taking another decent entry level job someone one just out of college can get. (No teaching credential needed for substitute teachers usually)
If a semi-retired engineer with 2-4 decades of work experience makes a better public high school STEM teacher, then I hope a lot more engineers do it as a semi-retirement gig.
The aspiring career schoolteachers will just have to find a job in a field that is short-staffed, like registered nurses or one of the trades. I'm sure that comes across as "let them eat cake" to some Bernie moron, but going back to school for 6 months is small potatoes, and doing a little market research before making big financial decisions like choosing your college major in the first place is basic adult responsibility.
If we apply the "lump of labor" fallacy everywhere else honestly and consistently, we would have to be opposed to immigration and trade because "those damn foreigners" went and "took er jerbs".
My university pulled the same BS 10-15 years ago. The worst part is that they sent the "test" email from the same email address they use for all of their other announcements, and then had the gall to send an automated "shame on you" reply if you clicked their link.
Knowing what I know now about the IT staff and professors and knowing in hindsight only 3-4 of my CS classes were of any relevance to my work, I seriously regret not cheating my way through undergrad. I wish I could take back the time I wasted on Java and spend it with my N64.
The problem is that if you click one of the links, you need to do (well sort of) the hour long phishing class and testing again. But of course, nowhere in the class do they say anything about not trusting e-mails from a known safe domain.
Whats funny though is that if you click the link in a phishing test, they will e-mail you to complete the training. But there is no enforcement (general management doesn't care), so you just get a daily e-mail telling you that you are overdue. It also however stops them from sending the fake phishing emails. So a bunch of us clicked the phishing link, marked the "do your training" e-mail as spam, and now never get bothered.
Where I was, they tracked who didn't do it, and came down on them, then their manager, and then it became an HR issue. Only one or two people went down the HR path, and then they did the training pretty quickly. Of course it didn't start harsh, just "hey, a reminder, we are tracking this and you need to do it" but when you blatantly ignored it the response got more firm.
Also, the last one I took they talked about phishing using a malicious Google docs link IIRC.
Anecdotes don't mean you know everything about a system.
For anyone subjected to these, they usually contain the header X-PHISHTEST which you can create a filter for, and then either send them to trash or put them in a special folder so you can report them later.
So we get e-mails from @microsoft.com and it's only if you dig in the metadata that you see it failed authentication. The only tell in the e-mail is checking the URL, which doesn't tell you much because tons of regular e-mails use tracker redirects too. They even send emails from our own domain or the domain of our payroll company.
I won't type out my rant, but our IT department is a few guys who couldn't figure out what to do when their competitive xbox FIFA 2006 dreams failed, heard IT pays a lot with not much work, and then sat through the certs.