this post was submitted on 31 Aug 2023
1594 points (99.1% liked)

Comic Strips

12768 readers
3096 users here now

Comic Strips is a community for those who love comic stories.

The rules are simple:

Web of links

founded 1 year ago
MODERATORS
 
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 45 points 1 year ago (27 children)

We get fake phishing emails that are actually from IT and if we don't recognize and report them, we get a talking-to. It's a good way of keeping employees vigilant.

[–] [email protected] 36 points 1 year ago (5 children)

A friend (who actually works in IT) apparently has a good system at his company. It actually automates turning real phishing attempts into internal tests. It effectively replaces links etc and sends it onwards. If the user actually clicks through, their account is immediately locked. It requires them to contact IT to unlock it again, often accompanied by additional training.

[–] [email protected] 2 points 1 year ago (4 children)

Wait. So your friend's company has the ability to reliably detect phishing attacks, but instead of just blocking them outright, it replaces the malicious phishing links with their own phishing links, sends those on to employees, and prevents them from doing their jobs of they fall for it?

Sounds like your friend's company's IT people are kind of dickheads

[–] [email protected] 9 points 1 year ago

I work at a company that does something similar; it can be annoying to deal with these fake phishing emails from our own IT, but a 10-15 minute training session if you fail is a lot less disruptive than what can happen if you clicked the real link instead.

I consider myself a bit more tech-savvy than average, but I’ve almost fallen for a couple of these fake phishing emails. It helps me to keep up with what the latest versions of these attacks look like (and keeps me on my toes too…)

load more comments (3 replies)
load more comments (3 replies)
load more comments (24 replies)