apparently i passed a phishing awareness test last week by correctly ignoring a fake linkedin email
nobody tell my boss that i ignored it entirely on the assumption that it was a real linkedin email
apparently i passed a phishing awareness test last week by correctly ignoring a fake linkedin email
nobody tell my boss that i ignored it entirely on the assumption that it was a real linkedin email
@andrewt I used to work with a guy who liked to say, "Can't get phished if I don't read my email!"
@panegyr @andrewt Forwarding IT's own messages to their phishing inbox will never not be hilarious.
@andrewt I’m still of the opinion that those false phishing emails that IT departments send out are almost completely pointless. The emails about security training I find often look way more like real phishing emails than the emulated attacks.
@Rhodium103 @panegyr @andrewt "This email purporting to be from IT with really bad grammar and poor security hygiene is trying to get me to click on a suspicious link claiming it's a mandatory security training"
@panegyr @andrewt I have a total of 4 emails in my corporate spam folder that were all put there by the service itself. They are all sent from my company’s security department. They all have the same header, and I assume the same content since I haven’t read them. They are from different time periods. The header reminds me that I need to do the mandatory class regarding email security. Am I going to read them? Duck no! Will I do the class? Sure, if the request does not end up as spam first
@andrewt A company I worked for hired consultants to send us periodic phishing emails. The emails were sent from assorted domains that were all registered to the consulting company.
Back in the day, WHOIS data was public, so after the first email, I simply looked up all their domains and configured my mail client to flag any mail from those domains with a special label.
This was probably contrary to the spirit of the security awareness program, but I like to think it demonstrated initiative.
@andrewt I got into trouble for twice ignoring an email inviting me to complete a questionnaire about phishing awareness on the basis that I thought it was a phishing exercise I instructed the staff that I line managed to also ignore it. We were the only team that didn't complete it
@PatriciaLewis the tool they are training us to use accidentally got rolled out too early so the first I heard if it was when my computer popped up a screen for no apparent reason saying "do you want to grant PhishHook access to your Google account" so now I haven't got the chrome extension installed and I don't think this is a me problem
@andrewt Literally this meme :
GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.
All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.