How many phishing emails like the one in this image are sent each day?
How many users click on them, fearing they will be locked out of their account?
If you got an email that says, “Password for your Cayman Islands offshore account expires today” — and you do NOT have any account in the Cayman Islands — do you agree that you will KNOW it’s fraud?
You will NOT click on it. Period.
No confusion, no need to worry, no need to call IT and ask “is this true or false?”
However, if users receive an email from firstname.lastname@example.org that asks them to update their password for Outlook, a service they use every day for their job, the distinction becomes less clear.
Now, what if you weaned your users off passwords…
They can log in for months and months without needing a password.
Would they fall prey to a phishing email about password reset?