My work literally just says "report it to it" no other instructions. Like, do we put in a ticket? Email the entire group? Send a teams message? Walk over there and start talking about how its weird that the CEO wants my specific login to help him with his major issue? We have SOPs that out line every specific step you take so anyone can just blindly follow and do it, yet there's not even a statement on how they want it reported.

I forwarded the one phishing attempt I received before we were warned, and there was zero response from them. So I'll just continue deleting them and moving on with my day.

[–] cron@feddit.org 2 points 2 weeks ago

Honestly, thats kind of odd. It does absolutely make sense to have some procedures established and communicated.