--- title: "If These Guys Can Get Phished Anyone Can | Phish Protection" description: "If These Guys Can Get Phished Anyone Can: Who would you expect to be the last organization taken in by a phishing attack? How about the "largest source for." image: "https://phishprotection.com/og/blog/if-these-guys-can-get-phished-anyone-can.png" canonical: "https://phishprotection.com/blog/if-these-guys-can-get-phished-anyone-can/" --- Quick Answer According to an article on \[SC Magazine\](https://www.scmagazine.com/home/security-news/data-breach/sans-institute-breach-proves-anyone-can-fall-victim-to-a-consent-phishing-scam/), "\_The security training authority has confirmed to SC Media that it was the victim of a ‘consent phishing' scam\_, an attempt by adversaries to get employees to install a malicious application and/or grant it permissions that will allow it to access \*\*sensitive data\*\* or perform unwanted functions." Share [ ](https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fif-these-guys-can-get-phished-anyone-can%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=If%20These%20Guys%20Can%20Get%20Phished%20Anyone%20Can&url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fif-these-guys-can-get-phished-anyone-can%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fphishprotection.com%2Fblog%2Fif-these-guys-can-get-phished-anyone-can%2F "Share on Facebook") [ ](https://reddit.com/submit?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fif-these-guys-can-get-phished-anyone-can%2F&title=If%20These%20Guys%20Can%20Get%20Phished%20Anyone%20Can "Share on Reddit") [ ](mailto:?subject=If%20These%20Guys%20Can%20Get%20Phished%20Anyone%20Can&body=Check out this article: https%3A%2F%2Fphishprotection.com%2Fblog%2Fif-these-guys-can-get-phished-anyone-can%2F "Share via Email") ![Phish Protection blog post image](https://media.mailhop.org/phishprotection/images/2020/08/phishing-email-prevention-5732.jpg) _Who would you expect to be the last organization taken in by a phishing attack?_ How about the “largest source for information security training and security certification in the world?” That’s right. The [SANS Institute](https://www.sans.org/), around since 1989, _training more than 165,000 security professionals around the world_, was just breached as the result of a **phishing attack**. According to an article on [SC Magazine](https://www.scmagazine.com/home/security-news/data-breach/sans-institute-breach-proves-anyone-can-fall-victim-to-a-consent-phishing-scam/), “_The security training authority has confirmed to SC Media that it was the victim of a ‘consent phishing’ scam_, an attempt by adversaries to get employees to install a malicious application and/or grant it permissions that will allow it to access **sensitive data** or perform unwanted functions.” What was the damage? How about “_28,000 records containing personally identifiable information to a malicious Office 365 add-on_, which caused an employee’s email account to automatically forward emails to an attacker’s address.” ![Phishing email prevention](https://media.mailhop.org/phishprotection/images/2020/08/phishing-email-prevention-5732.jpg) Should this come as a shock, that a _security training company got phished_? Not really. As the article correctly pointed out, \[all\] “it takes \[is\] just one uninformed, distracted or negligent employee to trigger an incident.” Proving once again that the weak link in the **email security** chain is the employee and that [awareness training](/blog/the-real-purpose-to-phishing-awareness-training-paranoia/) that is 99% effective is like having no training at all. Ironically enough, just prior to the breach, “Microsoft [warned of consent phishing scams](https://www.microsoft.com/security/blog/?p=91507) targeting remote workers and their **cloud services**, including Office 365.” In summary, a security training organization with advanced warning about a specific type of **phishing attack** was still taken in by that phishing attack. If they can be taken in, _what chance does an ordinary company have to protect themselves from phishing attacks_? Well, as things turn out, a pretty good chance, assuming they take the necessary precautions ahead of time and deploy **cloud-based email security** like that available from [Phish Protection](/). ![Phishing protection](https://media.mailhop.org/phishprotection/images/2020/08/phishing-protection-4962.jpg) As you can see, if you’re relying on your employees to be the last line of defense against phishing attacks, you’re in for a challenge. _Phish Protection on the other hand removes employee decision making from the equation_. Instead, Phish Protection scans emails in real-time for\*\* malicious content\*\*. And when it uncovers it, it quarantines the email, keeping it from reaching the inbox. And you can’t get phished by an email you never receive. _Phish Protection is cloud-based, so there’s no hardware or software to buy and no maintenance ever_. It sets up in 10 minutes, works with all major email services and best of all, _costs only pennies per employee per month_. Don’t be like SANS. Protect your company and employees with Phish Protection. You can try it **free for 60 days**. ## Topics [ Phishing ](/tags/phishing/) ![Brad Slavin](https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg) [ Brad Slavin ](/authors/brad-slavin/) General Manager Founder and General Manager of DuoCircle. Product strategy and commercial lead across DuoCircle's 2,000+ customer base. [LinkedIn Profile →](https://www.linkedin.com/in/bradslavin) ## Protect your inbox from phishing attacks Real-time email security with 60-day free trial. No credit card required. [Start Free Trial](https://portal.duocircle.com/cart.php?a=add&pid=101&brand=phishprotection) [View Pricing](/pricing/) ## Related Articles [ Foundational 5m 0ktapus, Okta Breach Helps Attackers Launch Sophisticated Supply Chain Attacks Sep 5, 2022 ](/blog/0ktapus-okta-breach-helps-attackers-launch-sophisticated-supply-chain-attacks/)[ Foundational 4m 13 Spear Phishing Attacks Examples To Justify Investment For Phishing Prevention Solutions In Your Organization Aug 1, 2019 ](/blog/13-spear-phishing-attacks-examples-to-justify-investment-for-phishing-prevention-solutions-in-your-organization/)[ Foundational 4m All 14 centers of Kettering Health were affected by a massive ransomware attack, Major outage in the Ohio medical center May 23, 2025 ](/blog/14-centers-of-kettering-health-were-affected-by-massive-ransomware-attack-in-ohio-medical-center/)[ Foundational 4m 2021 Phishing Trends You Need To Be Wary Of Aug 2, 2021 ](/blog/2021-phishing-trends-to-be-wary-of/) ```json {"@context":"https://schema.org","@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]} ``` ```json {"@context":"https://schema.org","@type":"WebSite","name":"Phish Protection","url":"https://phishprotection.com","description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}} ``` ```json {"@context":"https://schema.org","@type":"BlogPosting","headline":"If These Guys Can Get Phished Anyone Can","description":"If These Guys Can Get Phished Anyone Can: Who would you expect to be the last organization taken in by a phishing attack? How about the \"largest source for.","url":"https://phishprotection.com/blog/if-these-guys-can-get-phished-anyone-can/","datePublished":"2020-08-25T18:02:00.000Z","dateModified":"2026-04-17T15:43:10.000Z","dateCreated":"2020-08-25T18:02:00.000Z","author":{"@type":"Person","@id":"https://phishprotection.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://phishprotection.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin is the founder and General Manager of DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. He founded DuoCircle in 2014 and has led the company's growth to 2,000+ customers across its email security product family. Brad's focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://phishprotection.com/blog/if-these-guys-can-get-phished-anyone-can/"},"articleSection":"foundational","keywords":"Phishing","wordCount":449,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/phishprotection/images/2020/08/phishing-email-prevention-5732.jpg","caption":"Phish Protection blog post image","width":1200,"height":630},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}} ``` ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://phishprotection.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://phishprotection.com/blog/"},{"@type":"ListItem","position":3,"name":"Foundational","item":"https://phishprotection.com/foundational/"},{"@type":"ListItem","position":4,"name":"If These Guys Can Get Phished Anyone Can","item":"https://phishprotection.com/blog/if-these-guys-can-get-phished-anyone-can/"}]} ```