23 Comments
  1. My company’s IT training: “Be wary of emails that are urgent, have typographical errors, and contain links or images!”

    [Actual email sent out by my IT department](https://imgur.com/tIl2JT8) that says it expires today, contains typos, asks you to download an image, and asks you to click a link…

    Out of low level /r/maliciouscompliance, I report it as a phishing attempt every time I see it.

  2. At my job, we have to actually click the Report Phishing button in our Outlook addon

  3. I received a spam at work the other week that was addressed to “victimname”.

    Spammers can’t even setup their damn spambots these days.

  4. Me being the curious peep during one of my internships, checked all email headers and whatnot and guessed it was a “testing” email and reported it, and checked out the link in a sandbox lmao

    I got both thank you and you failed emails lol

    “Task failed successfully” I guess

  5. My job is getting tricky with it now. The only way to not have to do security refresher training is to report it. If you delete it or mark it as junk you get a “Congratulations but not quite the right action. Please see the schedule for security refresher training at the bottom of the email!” I started reporting ever email I received that came from someone not on my team. Even that didn’t work. I have training still.

  6. Not a programmer, but a librarian passing through. This happened at work for a three month period: insistently being bombarded by IT with “I see SOME of you clicked that email that was a test naughty naughty!” And “we’ve been sending you spam emails all week as a test” but throughout that whole time I only ever got one, and it was near the end (I considered saving it in a folder as a little trophy but didn’t wanna risk it). I’m sure this is a great test for the 40+ year olds but when you’re 24 youre first thought when seeing these emails is “sweetie if you saw my throwaway email inbox you and your computer would explode.”

  7. Damn OP, this one hits a little hard.

    I feel attacked.

  8. A good majority of the emails I receive have Outlook filters to go straight into the trash. Especially the announcements from HR which they somehow feel are so important that they have to be in an email and tagging the entire company in four separate Teams channels.

  9. That’s only because I sent the email and I’m not in security…

  10. I failed a phishing text once at work and had to take a one hour cyber security course. I just saw it as another hour I could zone out so it wasn’t a bad thing.

  11. 350 notifications on my phones outlook. Never even open that shit until I need to see if a day off is approved, even then only that email is opened lol.

  12. My email is a nightmare of people who think I need to be cc’ed on some bullshit .

    I hate having mid tier authority. Way too many people want to pretend I have time to read their nonsense

  13. Ever ask your coworkers if they opened that urgent email.

  14. I fill out the phishing forms but I type in the most vile curses I can think of as username and password fields, I populate all other fields with curses as well. Company can’t say shit since according to me I’m only reaponding to a scammer, not my boss.

  15. Exactly why security dept is useless… until they’re really not useless.

    Point being that they do a lot but if they’re valuable, nobody should notice.

  16. The phishing test where I work requires you to forward the email to the people working with them, so simply ignoring it is a failure technically.

  17. to “pass” in the past I have had to report the email as phishing attempt.

  18. We know who doesn’t open, they have their own category for reporting and risk.

    We want to know people can identify so anyone who hasn’t proven it will get additional training by other means.

  19. … and sms’s, and social media posts, and messaging, and push notifications – anything with a clink to lick. also, electricity seeping out of the plug can be a concern in older buildings. seriously tho – if ur an iPhone user in the US, you DO need to check out novoShield.

  20. My company also tracks how many phishing emails you fail to report as phishing, unfortunately.

  21. I clicked the link out of curiosity and got reprimanded that I’d failed the test lol

  22. We have a user on our network who replies to any email that contains an attachment stating that its a security risk and that if you want to send an attachment you should upload the file to a cloud system and include a link in your email. Which is of course absolute bollocks, especially considering our system is exceptionally secure.

  23. IT here, I’m definitely sending this meme to Slack

Leave a reply