Transcript

Panel 1: [Coworker in a red tie with dark hair leans into the cubicle of IT who is busy on a computer, a key card or ID hangs around his neck]

Coworker: I clicked an email link and it says I need training?

Panel 2: [IT stops working and looks irritated]

IT: Ah yes. The Training.

Panel 3: [IT sprays the coworker with a spray bottle]

FSHSSSH

FSHSSSH

FSHSSSH

IT: BAD! THAT WAS BAD!

Panel 4: [IT continues spraying the coworker, now crouching down hands raised defensively as the water is sprayed in his face. IT ha a look of glee on his face as another coworker walks by with a look of concern on her face, papers in hand.]

FSHSSSH

FSHSSSH

FSHSSSH

FSHSSSH

FSHSSSH

Coworker: HISSS!

Alt Text

The next training module unlocks after three hisses

.

Source

  • FuglyDuckEnglish
    1·
    7 days ago

    An email service can check every email and catch the vast majority of spoofed headers pretty easily.

    You’re right, it’s possible that the email is spoofed and passed the header checks, or that email is already compromised, or something.

    That said, using one’s one legitimate email in a phishing test. They said the same stuff. So we spent about a month calling them for every email they sent (including the “you need to sign up for training”)

    It creates more problems than it’s worth, and they caught the point pretty quickly.

    • surewhynotlem
      1·
      7 days ago

      spent about a month calling them for every email

      Hah! I did the same with every spam email that got through the filter.