You are viewing a single thread.
View all comments View context
56 points

The one they use at my work is extra silly, as it adds an extra email header saying it’s coming from a phishing campaign

permalink
report
parent
reply
53 points

Ours do that too. It’s so obvious that I’m not sure if they think we’re all stupid, except then I remember that some of my coworkers actually are stupid, so it’s probably aimed at them.

permalink
report
parent
reply
59 points

except then I remember that some of my coworkers actually are stupid, so it’s probably aimed at them.

I work in IT and have done these campaigns, if you’re on Lemmy, you’re probably not the target audience lmao

permalink
report
parent
reply
35 points

There’s an older guy in my group who rants and raves about how all the new training is a waste of time. Discrimination, harassment, safety, information security, all of it. But he specifically hates the fraud and phishing training.

He’s the only one in our group that has failed any of the test emails.

permalink
report
parent
reply
24 points

I’ve worked with a dude for years who I would consider smart both technically and non-technically. One time we got an email at work with an attachment that was something like “microsoft_update.exe.txt”. The email said “due to a technical limitation on the email system, this file needs to be renamed to drop the .txt and executed to apply a critical to your computer.”

It was, in my mind, such an obvious phishing attempt that I laughed out loud and said “who the fuck would ever fall for this?” Then my coworker popped his head over the cube wall and said “WAIT WHAT? We weren’t supposed to run that?!”

Fortunately, the security team sat nearby and heard the whole thing and rushed over to quarantine his PC

permalink
report
parent
reply
15 points

quarantine his PC

You mean shut it off and steal and the Ethernet cable? Lol

permalink
report
parent
reply
9 points

Even a smart person can have a bad day / moment of weakness. If you are super busy / stressed out and some email comes that looks like a bullshit request from HR or IT or whatever, it can be tempting to just try to knock it off your plate real quick so you can get back to whatever fire you were fighting.

My tactic these days is I pretty much don’t click on ANYTHING in an email, so it’s an ingrained habit. If it’s a link to something, it’s usually one I can navigate to myself using my browser. If it’s an attachment, we use a file sharing system that stores these so I can just go to that and see what’s in there.

It’s inconvenient, and you don’t always have these work-around options, but by trying to make into an automatic habit, it has saved me a couple of times.

permalink
report
parent
reply
3 points

haha same for me, the header contains the word “gophish”, easy to filter it

permalink
report
parent
reply
2 points

Damn. I’ve scripted out the entire process of verifying an owned domain in a hosted mail providers system, deploying the ec2 infrastructure, and installing and configuring gophish for a campaign, along with tearing everything down.

That header thing gophish adds is a default option that you can override by just setting that header to an empty string. Whoever runs campaigns for your employer either wants to make it easy for you to pass or doesn’t care about their job at all.

I’ve done it in the context of red team/adversary emulation campaigns before though, so the opsec needed to be a bit tighter than the mandatory phishing awareness stuff i guess.

permalink
report
parent
reply
5 points

That’s really funny. It’s like you work for Dunder-Mifflin.

permalink
report
parent
reply
3 points

Lots of us do lol

permalink
report
parent
reply
4 points

Lmao, the other day I had to whitelist some domains used for phishing training emails in the anti-phishing software we use just so they wouldn’t get nuked, then I had to whitelist them in another anti-phishing software so they wouldn’t have - huge red header injected on the top of the email body warning the user it was phishing.

permalink
report
parent
reply

Comic Strips

!comicstrips@lemmy.world

Create post

Comic Strips is a community for those who love comic stories.

The rules are simple:

  • The post can be a single image, an image gallery, or a link to a specific comic hosted on another site (the author’s website, for instance).
  • The comic must be a complete story.
  • If it is an external link, it must be to a specific story, not to the root of the site.
  • You may post comics from others or your own.
  • If you are posting a comic of your own, a maximum of one per week is allowed (I know, your comics are great, but this rule helps avoid spam).
  • The comic can be in any language, but if it’s not in English, OP must include an English translation in the post’s ‘body’ field (note: you don’t need to select a specific language when posting a comic).
  • Politeness.
  • Adult content is not allowed. This community aims to be fun for people of all ages.

Web of links

Community stats

  • 12K

    Monthly active users

  • 2.8K

    Posts

  • 56K

    Comments

Community moderators