• @whileloop
    61
    1 year ago

    My workplace does simulated phishing emails every Friday. If you click on them, they make you do training. Last month, someone’s email was breached and they started sending out tons of phishing emails, the users reported it en masse and we had dozens of reports within minutes - and these emails went out at 10PM on a weekend! Seems like our training works.

    • AggressivelyPassive
      22
      1 year ago

      Last month all employees were invited to a mandatory security training via email that looked so incredibly suspicious that hardly anyone showed up and Corporate had to send out a clarification plus new invites.

      So, we were trained that even the most obvious phishing attempts might actually just be a crappy IT sec shop (and the “training” was about as good as you’d expect).

    • @[email protected]
      12
      1 year ago

      The only time I clicked on one of those I was in a meeting with a client and my boss was also in the meeting (the client was sharing his screen). Suddenly I get an email from my boss telling me to review the attached PDF with a Teams link, and the title of the PDF was similar to the project we were working on.

      As soon as I clicked I got an “invitation” for additional training.

  • SokathHisEyesOpen
    22
    1 year ago

    Believe it or not, the IRS doesn’t accept Best Buy gift cards as payment. Crazy. Right?

  • squiblet
    20
    1 year ago

    I know it’s different as this is about business security, but my favorite is when people think the Sheriff or the IRS is demanding payment in eBay gift cards.

    • @[email protected]
      14
      1 year ago

      My favorite is an email attachment called Totally Important Document.zip and the antivirus won’t let them open it, so they open a ticket requesting to turn off the antivirus because it’s impeding their work.

    • @Jmr
      5
      1 year ago

      But the IRS wants the new Britney Spears album

  • @[email protected]
    13
    1 year ago

    I know some place where the phishing emails were immediately spotted by the employees because the CEO has awful punctuation and grammar, the phishing email looked too clean to be real lmao.

  • kitonthenet
    -2
    1 year ago

    Don’t show them the email in the first place, seems like an IT problem to me 🤷

    • @[email protected]
      4
      1 year ago

      Modern day reliability and security best practices are based on planning for failures assuming they are all inevitable.

      Back in the old days we would just assume everything is going to work out but that just isn’t sustainable now with how complex and expansive systems have become. Basically, there are too many moving parts to account for every single possibility so people should expect systems to fail and know how to react when it happens.

      • kitonthenet
        3
        1 year ago

        Then IT should expect users to fail, it’s the thing they’re best at