the infosec people at my work are rioting because the Distant Corporate Overlord sent an email that scores 10/10 on the phishing scale (“We want to give you a present to thank you for all your hard work!

  • lupinia@infosec.exchange

    @0xabad1dea This heavily overlaps with a wider societal problem of legitimate customer service communication being largely indistinguishable from scams to most people - intentional confusion and constant change, huge amounts of information disclosure required to do anything without always knowing why (and hesitation can be penalized), and so on. Pretty much entirely by design, in an attempt to minimize anyone's desire to ever contact companies directly.

    misusecase@twit.social wrote (#29):

    @lupinia @0xabad1dea When so much “legal, legitimate” business is basically a scam, how can anyone tell?

    • pmb00cs@mastodon.online

      @0xabad1dea there was practically a riot at a previous employer because they announced that for business performance reasons there would be no Christmas bonuses, then a couple of days later sent out a business wide email "as a thank you for all your hard work this year we're giving you a Christmas present, click here to receive it". The Christmas present turned out to be mandatory phishing awareness training for anyone who clicked the link.

      drgroftehauge@sigmoid.social wrote (#30):

      @pmb00cs @0xabad1dea Love your IT department for that little "fuck u" Mr CEO email

        katieloves2read@mastodon.social wrote (#31):

        @s0 @0xabad1dea I had the same experience multiple years in a row.
        Vague "click now to get started with your experience" button in an external email that wasn't white listed. Turned out to be cyber security training.

        • 0xabad1dea@infosec.exchange

          the infosec people at my work are rioting because the Distant Corporate Overlord sent an email that scores 10/10 on the phishing scale (“We want to give you a present to thank you for all your hard work! [Click here] to claim your gift!”)

          tom_ofb@23.social wrote (#32):

          @0xabad1dea I mean, it must be a test, right? A free gift, from corpo? C'mon.

            terrybtwo@ohai.social wrote (#33):

            @0xabad1dea This pisses me off so much!
            Not (for me) internal corporate, but marketing depts. Notably Barclays sending “Dear customer click here for your wonderful offer” emails.

              0xabad1dea@infosec.exchange wrote (#34):

              @Tom_ofB I'm pretty sure it's just corporate logo swag distribution being framed as "a thank-you gift"

                tom_ofb@23.social wrote (#35):

                @0xabad1dea ohhh, I get it. "the gift is free" is just lossy transmission, the full meaning was
                "the gift is you can be free advertising for the company". That's awesome, double plus good, really.

                • c0dec0dec0de@hachyderm.io

                  @jwdt @0xabad1dea tertiary health care providers that you’ve never heard of but apparently the anesthesiologist doesn’t work for the hospital nor bill through the hospital and in this modern day decides to email and text you to demand payment

                  c0dec0dec0de@hachyderm.io wrote (#36):

                  @jwdt @0xabad1dea small business tax guy deciding to modernize and calling his secure file drop through some SaaS provider securefile and that being the subdomain on it. Phish alarms blaring, but we got the domain from him in conversation and he’s normal so it just doesn’t register to him that it sounds very bad.

                  • rogerbw@discordian.social

                    @0xabad1dea Every few months, it seems, we get email at work from an address we've never seen before, along the lines of "log into the new HR portal at [dodgy external address]", signed "HR department". Nothing to connect it to this specific employer, no names, etc. Every time I report it as obvious phishing. Every time it turns out the great and powerful overlords have signed a new contract with an even dodgier provider.

                    utf_7@mastodon.social wrote (#37):

                    @RogerBW @0xabad1dea

                    i send valid links to colleagues through https://shadify.link/

                      wronglang@bayes.club wrote (#38):

                      @0xabad1dea I thought infosec ppl had all forgotten how to riot, this is very hopeful

                      • fishidwardrobe@mastodon.me.uk

                        @0xabad1dea our phishing training started with an unannounced mail from the training site with a button saying "click here".

                        we were expected to click on it, to access the training.

                        clare_hooley@mastodon.me.uk wrote (#39):

                        @fishidwardrobe @0xabad1dea yes, mine too. I reported it and, because we do have a really good internal person that is responsible for this sort of thing, now we always get an email first saying on how you will get this dodgy-looking thing but it’s real.

                          mo@mastodon.ml wrote (#40):

                          @fishidwardrobe that's actually a good idea lol
                          if you don't click on suspicious links, you probably don't need phishing training

                          @0xabad1dea

                          • xinit@mastodon.coffee

                            @0xabad1dea
                            Here I go on a tangent about CEO gifts.

                            A couple years ago, a now EX-CEO proudly announced his amazing Christmas bonus for everyone.

                            "It will be more personal than cash!"

                            Yay, a disappointing box of borrel snacks, we thought.

                            Somehow, our team's expectations weren't low enough. Cheap corporate merch; a hoodie, a travel coffee mug, and an umbrella. They really GET ME.

                            So yeah, I'll bet that phishy present will be garbage anyhow.

                            rhelune@todon.eu wrote (#41):

                            @xinit @0xabad1dea A friend working at the occupational health and safety clinic, a vegetarian, mind you, got a basket of Italian delicacies, including prosciutto, every year.

                              bremner@mathstodon.xyz wrote (#42):

                              @0xabad1dea One of my petty pleasures is marking all of the emails from our infosec contractor as phishing attempts. They start with things like "You have been assigned" and I'm like, I don't work for you, red flag, red flag! Also they have a history of "fake phishing" people in order to chide them, so they are literally known bad actors. Welp, that's gonna be my story when they finally track down my boss and complain that I've been ignoring them for 6 years.

                                0xabad1dea@infosec.exchange wrote (#43):

                                @bremner I have in fact said to my coworkers "Emails from the corporate overlord aren't real until my manager asks why I haven't responded yet"

                                [to be clear, we were a small company that was acquired by a much bigger company in another country]

                                  economistatwork@sciences.social wrote (#44):

                                  @0xabad1dea My bank did something like this, even asking me to log in to my account using the button in the email. Customer support didn't see the problem as they "could confirm" the email in my inbox was real. More or less wrote their head lawyer that I thought they were complicit in identity theft. Don't think I ever got a reply, but their policy changed after that.

                                    martouf@piaille.fr wrote (#45):

                                    @0xabad1dea reminds me, when I changed my contract, HR asked for some administrative pieces, which I gave to her.
                                    Some time later, I received an email at my personal email address from someone I did not know, asking for the same pieces.
                                    In my head, it was phishing, but no, HR just had not sent the pieces to him (I learned that later) ><

                                      fishidwardrobe@mastodon.me.uk wrote (#46):

                                      @mo @0xabad1dea true, but we were all told (eventually) that we had to click on the suspicious link, which is kind of the opposite

                                      • 0xabad1dea@infosec.exchange

                                        phishing training really doesn’t spend enough time on “how to structure your mass corporate communications in such a way that your employees won’t conclude that you communicate exactly like scammers and still expect a reply so they’d better assume scammy emails are legitimate”

                                        thoreau@mas.to wrote (#47):

                                        @0xabad1dea I had two different employees get scammed out of $500 because they thought I emergency emailed them in the middle of a meeting that I needed $500 in gift cards from Walmart and to just send me the numbers off the cards in email-not sending to my actual email of course.
                                        I was APPALLED any employee thought I would ask them for money. I mean, I would not even ask you for a quarter to get a bottle of water from a vending machine. I had to announce at a meeting I will never ask for $$

                                          ashteranic@hachyderm.io wrote (#48):

                                          @0xabad1dea when I started at my current employer, I discovered they’ve outsourced parts of their onboarding process to a third party. Many of the emails I got from the third party resembled phishing attempts, such that I marked several as phishing tests.
