Conversation

Notices

Embed this notice
Andrew (andrewt@mathstodon.xyz)'s status on Friday, 25-Aug-2023 03:33:51 JST Andrew

apparently i passed a phishing awareness test last week by correctly ignoring a fake linkedin email
nobody tell my boss that i ignored it entirely on the assumption that it was a real linkedin email

In conversation Friday, 25-Aug-2023 03:33:51 JST from mathstodon.xyz permalink
- clacke likes this.
- Embed this notice
  Local Dad, Ben Hamill (benhamill@eldritch.cafe)'s status on Friday, 25-Aug-2023 05:27:30 JST Local Dad, Ben Hamill
  in reply to
  
  @andrewt I used to work with a guy who liked to say, "Can't get phished if I don't read my email!"
  
  In conversation Friday, 25-Aug-2023 05:27:30 JST permalink
  
  Haelwenn /элвэн/ :triskell: and clacke like this.
- Embed this notice
  Chris Armstrong (rhodium103@mastodon.social)'s status on Friday, 25-Aug-2023 05:28:10 JST Chris Armstrong
  in reply to
  - Panegyr :ms_clown:
  @panegyr @andrewt Forwarding IT's own messages to their phishing inbox will never not be hilarious.
  
  In conversation Friday, 25-Aug-2023 05:28:10 JST permalink
  
  Haelwenn /элвэн/ :triskell: and clacke like this.
- Embed this notice
  Panegyr :ms_clown: (panegyr@meow.social)'s status on Friday, 25-Aug-2023 05:28:12 JST Panegyr :ms_clown:
  in reply to
  
  @andrewt I’m still of the opinion that those false phishing emails that IT departments send out are almost completely pointless. The emails about security training I find often look way more like real phishing emails than the emulated attacks.
  
  In conversation Friday, 25-Aug-2023 05:28:12 JST permalink
  
  Polychrome :blabcat: likes this.
- Embed this notice
  Rich Felker (dalias@hachyderm.io)'s status on Friday, 25-Aug-2023 05:28:54 JST Rich Felker
  in reply to
  - Panegyr :ms_clown:
  - Chris Armstrong
  @Rhodium103 @panegyr @andrewt "This email purporting to be from IT with really bad grammar and poor security hygiene is trying to get me to click on a suspicious link claiming it's a mandatory security training"
  
  In conversation Friday, 25-Aug-2023 05:28:54 JST permalink
  
  Haelwenn /элвэн/ :triskell: likes this.
- Embed this notice
  Paul Cantrell (inthehands@hachyderm.io)'s status on Friday, 25-Aug-2023 08:49:33 JST Paul Cantrell
  in reply to
  
  @andrewt
  In conversation Friday, 25-Aug-2023 08:49:33 JST permalink
  Attachments
  1. “They’re the same picture” meme from The Office
- Embed this notice
  Polychrome :blabcat: (polychrome@poly.cybre.city)'s status on Friday, 25-Aug-2023 17:36:17 JST Polychrome :blabcat:
  in reply to
  
  @andrewt
  👨💼 "Good job ignoring that fake Facebook notification email."
  
  :blobowo: *does not have Facebook* "Thanks."
  
  In conversation Friday, 25-Aug-2023 17:36:17 JST permalink
  
  Haelwenn /элвэн/ :triskell: likes this.
- Embed this notice
  Jolle (jolle@mastodon.nu)'s status on Friday, 01-Sep-2023 11:23:14 JST Jolle
  in reply to
  - Panegyr :ms_clown:
  @panegyr @andrewt I have a total of 4 emails in my corporate spam folder that were all put there by the service itself. They are all sent from my company’s security department. They all have the same header, and I assume the same content since I haven’t read them. They are from different time periods. The header reminds me that I need to do the mandatory class regarding email security. Am I going to read them? Duck no! Will I do the class? Sure, if the request does not end up as spam first
  
  In conversation Friday, 01-Sep-2023 11:23:14 JST permalink
  
  clacke likes this.
- Embed this notice
  Angus McIntyre (angusm@mastodon.social)'s status on Friday, 01-Sep-2023 11:23:15 JST Angus McIntyre
  in reply to
  
  @andrewt A company I worked for hired consultants to send us periodic phishing emails. The emails were sent from assorted domains that were all registered to the consulting company.
  Back in the day, WHOIS data was public, so after the first email, I simply looked up all their domains and configured my mail client to flag any mail from those domains with a special label.
  This was probably contrary to the spirit of the security awareness program, but I like to think it demonstrated initiative.
  
  In conversation Friday, 01-Sep-2023 11:23:15 JST permalink
  
  clacke likes this.
- Embed this notice
  PatriciaLewis (patricialewis@mastdn.social)'s status on Friday, 01-Sep-2023 11:23:25 JST PatriciaLewis
  in reply to
  
  @andrewt I got into trouble for twice ignoring an email inviting me to complete a questionnaire about phishing awareness on the basis that I thought it was a phishing exercise I instructed the staff that I line managed to also ignore it. We were the only team that didn't complete it
  
  In conversation Friday, 01-Sep-2023 11:23:25 JST permalink
  
  clacke likes this.
- Embed this notice
  Andrew (andrewt@mathstodon.xyz)'s status on Friday, 01-Sep-2023 11:23:28 JST Andrew
  in reply to
  - PatriciaLewis
  @PatriciaLewis the tool they are training us to use accidentally got rolled out too early so the first I heard if it was when my computer popped up a screen for no apparent reason saying "do you want to grant PhishHook access to your Google account" so now I haven't got the chrome extension installed and I don't think this is a me problem
  
  In conversation Friday, 01-Sep-2023 11:23:28 JST permalink
  
  clacke likes this.
- Embed this notice
  Vio (viob@eldritch.cafe)'s status on Friday, 01-Sep-2023 11:23:30 JST Vio
  in reply to
  
  @andrewt Literally this meme :
  In conversation Friday, 01-Sep-2023 11:23:30 JST permalink
  Attachments
  1. Meme "Michael Scott with long hair in The Office, young Michael Scott" with : _ Michael's boss with a happy face handshaking Michael's hand, labeled : "IT security congratulating us on passing the phishing test."; _ Michael, disturbed and quite guilty, labeled : "Me who didn't check my e-mail.".
    https://eldritchcafe.files.fedi.monster/media_attachments/files/110/946/570/155/059/654/original/8a165a537f49f9aa.jpg
  clacke likes this.

Public

Conversation

Notices

Feeds