this post was submitted on 05 Oct 2023
488 points (100.0% liked)

[–] jjagaimo@lemmy.ca 64 points 1 year ago (5 children)

Today I got an email from management, something along the lines of "you didn't click the link in this email we sent as a required questionnaire about phishing, some people reported it as phishing: a reminder, all emails from IT@company.com are not phishing"

There was no previous email

I checked the message details and it said "THIS IS A PHISHING TEST BY external company"

It was a phishing test disguised as an urgent reminder to answer a phishing questionnaire, replying to a nonexistent email. I can't wait until Monday when they round up everyone who clicked the link

[–] hardware26@discuss.tchncs.de 19 points 1 year ago (2 children)

This is a good one. We get standard phishing tests which make no sense. It is usually a person I don't know, from a company I haven't heard of asking me to edit/review a file they share. People who design these tests should know that people do NOT jump into the opportunity of editing/reviewing files or receiving tasks. I imagine real phishing attacks must be smarter than this.

[–] newIdentity@sh.itjust.works 5 points 1 year ago

Not necessarily. They only need one person to run the file

[–] chiliedogg@lemmy.world 4 points 1 year ago

I work for a small-ish but fast-growing municipality, and we're getting increasingly well-targeted actual attacks. Instead of posing as "The IT department" they're posing as my boss or the City Manager by name.

This week they even started name-dropping the conference most of the directors were actually attending as an excuse why we wouldn't be able to reach out and talk to them before the "request" was due.

[–] dditty@lemm.ee 11 points 1 year ago

Wow damn that'd trick whole swaths of our org 🤦. Sad how many people we still get with the super obvious "Free $5 on Venmo" phishing tests...

[–] newIdentity@sh.itjust.works 9 points 1 year ago

That's actually pretty smart.

[–] miss_brainfart@lemmy.ml 5 points 1 year ago

They did something similar at our university, I wonder how many fell for it. They never told us