apparently i passed a phishing awareness test last week by correctly ignoring a fake linkedin email
nobody tell my boss that i ignored it entirely on the assumption that it was a real linkedin email
Conversation
Notices
-
Andrew (andrewt@mathstodon.xyz)'s status on Friday, 01-Sep-2023 02:10:00 UTC 
Andrew
- Santa Claes πΈπͺππ°π likes this.
-
Chris Armstrong (rhodium103@mastodon.social)'s status on Friday, 01-Sep-2023 02:10:14 UTC 
Chris Armstrong
@panegyr @andrewt Forwarding IT's own messages to their phishing inbox will never not be hilarious.
Santa Claes πΈπͺππ°π likes this. -
Panegyr :ms_clown: (panegyr@meow.social)'s status on Friday, 01-Sep-2023 02:10:20 UTC 
Panegyr :ms_clown:
@andrewt Iβm still of the opinion that those false phishing emails that IT departments send out are almost completely pointless. The emails about security training I find often look way more like real phishing emails than the emulated attacks.
-
Jolle Carlestam (jolle@mastodon.nu)'s status on Friday, 01-Sep-2023 02:10:30 UTC 
Jolle Carlestam
@panegyr @andrewt I have a total of 4 emails in my corporate spam folder that were all put there by the service itself. They are all sent from my companyβs security department. They all have the same header, and I assume the same content since I havenβt read them. They are from different time periods. The header reminds me that I need to do the mandatory class regarding email security. Am I going to read them? Duck no! Will I do the class? Sure, if the request does not end up as spam first
Santa Claes πΈπͺππ°π likes this. -
Local Dad, Ben Hamill (benhamill@eldritch.cafe)'s status on Friday, 01-Sep-2023 02:10:38 UTC 
Local Dad, Ben Hamill
@andrewt I used to work with a guy who liked to say, "Can't get phished if I don't read my email!"
Santa Claes πΈπͺππ°π likes this. -
Angus McIntyre (angusm@mastodon.social)'s status on Friday, 01-Sep-2023 02:10:43 UTC 
Angus McIntyre
@andrewt A company I worked for hired consultants to send us periodic phishing emails. The emails were sent from assorted domains that were all registered to the consulting company.
Back in the day, WHOIS data was public, so after the first email, I simply looked up all their domains and configured my mail client to flag any mail from those domains with a special label.
This was probably contrary to the spirit of the security awareness program, but I like to think it demonstrated initiative.
Santa Claes πΈπͺππ°π likes this. -
PatriciaLewis (patricialewis@mastdn.social)'s status on Friday, 01-Sep-2023 02:10:50 UTC 
PatriciaLewis
@andrewt I got into trouble for twice ignoring an email inviting me to complete a questionnaire about phishing awareness on the basis that I thought it was a phishing exercise I instructed the staff that I line managed to also ignore it. We were the only team that didn't complete it
Santa Claes πΈπͺππ°π likes this. -
Andrew (andrewt@mathstodon.xyz)'s status on Friday, 01-Sep-2023 02:10:52 UTC
Andrew
@PatriciaLewis the tool they are training us to use accidentally got rolled out too early so the first I heard if it was when my computer popped up a screen for no apparent reason saying "do you want to grant PhishHook access to your Google account" so now I haven't got the chrome extension installed and I don't think this is a me problem
Santa Claes πΈπͺππ°π likes this. -
Vio (viob@eldritch.cafe)'s status on Friday, 01-Sep-2023 02:10:57 UTC 
Vio
@andrewt Literally this meme :
Santa Claes πΈπͺππ°π likes this.
All Chirp! content and data are available under the