I quit reporting any emails at my job. Reported one from an outside source once, but it wasn’t technically a phish. So I received mandatory online safety courses for “wrongly reporting a phishing scam”. Which was the same courses I was already forced to take a few months prior. I was pissed.
My workplace thanks us for reporting pretty much anything. What your place is doing is making people too scared to report. Smort.
Any time a user puts in a ticket about something they aren’t sure of, I thank them for being so careful and compliment their attentiveness. Makes them feel good and makes my life easier. Sure, lots of tickets are annoying, but dealing with people falling for shit is worse because they think I can fix everything.
Your security team sucks. Users should be encouraged to report anything sus, even if it occasionally results in a false positive.
When someone sends you an email, by default you just assume it’s fraud - Walter Wallis
