I always hated that clicking the phishing link in the email is considered a fail.
I don't think that's right, at least not from a phishing point of view. From a 0-day point of view, yes.
But because we get flooded by emails it's easy to miss something in an email, only for it to be apparent on the page itself. Primarily because the URL will be off, or that my password manager doesn't autofill stuff.
And the flood of emails got worse when people started sending emails to group addresses in BCC instead of in To. At least in Exchange you have no idea whether the sender put your email in BCC or the group in BCC (VERY low priority).
At least I found out that the phishing emails have a recognizable header in the email, allowing me to automatically filter those.
I don't think that's right, at least not from a phishing point of view. From a 0-day point of view, yes.
But because we get flooded by emails it's easy to miss something in an email, only for it to be apparent on the page itself. Primarily because the URL will be off, or that my password manager doesn't autofill stuff.
And the flood of emails got worse when people started sending emails to group addresses in BCC instead of in To. At least in Exchange you have no idea whether the sender put your email in BCC or the group in BCC (VERY low priority).
At least I found out that the phishing emails have a recognizable header in the email, allowing me to automatically filter those.