When a company sends fake phishing attempts, the links report back if they’ve been clicked. For them to get that report, their job would had to have sent it.
How else would they know she fell for the bait unless she actually did get phished months ago and their IT traced a recent attack back to her, in which they gave her training instead of firing her?
The immediacy of the follow up email indicates she was caught my a fake phishing attempt meant to catch employees before real attackers do.
I think this story may be told by an unreliable narrator.
We have no evidence that the email actually came from their job - that misidentification by Ki might be the problem that IT hopes training will solve.
When a company sends fake phishing attempts, the links report back if they’ve been clicked. For them to get that report, their job would had to have sent it.
How else would they know she fell for the bait unless she actually did get phished months ago and their IT traced a recent attack back to her, in which they gave her training instead of firing her?
The immediacy of the follow up email indicates she was caught my a fake phishing attempt meant to catch employees before real attackers do.