Over 20 years ago when I was a system administrator, was in charge of keeping up with about 70 computers or so. There was an interesting issue about malware/spyware reoccurring on one computer. After some sleuthing the user was a big coupon person.
Every time a coupon came in email or on an ad on websites the person clicked the link. It didn’t matter what it is.
Educating didn’t work right away – but eventually things got better, in the meantime I got some software to button down the computer (no apps installed unless I do it). So was able to resolve the problem before a much larger mess occurred inside the whole company.
Created phishing text to video w/ AI program fliki.AI (the watermark in video)
Uploaded the fliki video in Rumble: https://rumble.com/v65av3g-beware-of-phishing-example.html
Also uploaded to Youtube: https://youtube.com/shorts/f_YTGhSLRJw?feature=share
Never click on links (even if you hover over to see where they go) as one can’t be sure where that is. Especially for financial institutions (banks etc).
You can also see who is sending you the email, but remember one can put any email in the sending email text – and unless you can look at the actual email traffic details it is not very useful as it can be spoofed.
Definition of Email spoofing: https://www.fortinet.com/resources/cyberglossary/email-spoofing
Email spoofing is a threat that involves sending email messages with a fake sender address. Email protocols cannot, on their own, authenticate the source of an email. Therefore, it is relatively easy for a spammer or other malicious actors to change the metadata of an email. This way, the protocols think it came the real sender.
This is why it is important to create a security policy and training for employees. this is a long term problem and needs to be worked on.