
Phishing test failed e-mail to my personal account, how does this scam work? [Resolved]

I've recently gotten a pair of "User Selkie has failed the phishing test" emails to my personal account. The email has no other information, no links or anything, and while I'm not going to respond to it or do anything, I'm wondering how this particular scam works, and if there's anything else I should be doing.

Adding a few details: This is my personal Gmail account

Question Credit: Selkie
Asked May 13, 2019
Posted Under: Security
1 Answers

A few possibilities I can think of.

1: Your employer pays for cyber security auditing, and included your personal email under your information.

2: It is possible that this is a precursor to an attack and you are just someone's guinea pig. Emails can be embedded with things like X-Confirm-Reading-To or Disposition-Notification-To in the header to let the sender know how far his email got. This means that the attacker knows that whatever he did validated through SMTP and anti-spam protection and that you opened his email. If he's trying to build a list of marks for a future spam campaign, something simple like this would help him keep a small cross-section on his outbound list to avoid spam filters for longer.

3: What you are receiving is redacted. Your account's security features stripped out whatever the real threat was; so, now all you get is the taunting message.

4: There is a payload that runs on opening the email that you just can't see. You don't generally hear about these very often anymore, but that doesn't mean they can't still exist.

credit: Nosajimiki
Answered May 13, 2019
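One way to check the raw source of such a message for the read-receipt headers named in point 2 of the answer above. This is an added example, not part of the original question or answer; the sample message and every address in it are constructed, and `Return-Receipt-To` is a legacy receipt header checked in addition to the two the answer names.

```python
from email import message_from_string
from email.utils import getaddresses

# Headers that ask the recipient's client or server to report back.
# The first two are named in the answer; the third is an added legacy one.
RECEIPT_HEADERS = (
    "Disposition-Notification-To",
    "X-Confirm-Reading-To",
    "Return-Receipt-To",
)

# Constructed sample message (not a real capture).
SAMPLE = """\
From: IT Security <security@example.com>
To: selkie@example.net
Subject: User Selkie has failed the phishing test
Disposition-Notification-To: tracker@example.org
X-Confirm-Reading-To: <tracker@example.org>
Message-ID: <constructed-sample@example.com>

User Selkie has failed the phishing test.
"""


def receipt_requests(raw_message):
    """Return one finding per address that a receipt-request header points to."""
    msg = message_from_string(raw_message)
    from_addrs = {a.lower() for _, a in getaddresses(msg.get_all("From", []))}
    findings = []
    for header in RECEIPT_HEADERS:
        # Header lookup is case-insensitive; a header may appear more than once.
        for _, addr in getaddresses(msg.get_all(header, [])):
            if not addr:
                continue
            findings.append({
                "header": header,
                "address": addr.lower(),
                # A receipt sent somewhere other than the visible sender
                # is worth a closer look.
                "matches_from": addr.lower() in from_addrs,
            })
    return findings


if __name__ == "__main__":
    for finding in receipt_requests(SAMPLE):
        print(finding)
```

In Gmail, "Show original" displays the raw message text that can be passed to `receipt_requests`.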