I’m not in cyber security. My role requires me to interact with a lot of people, work on a bunch of different SharePoint links, and on top of that corporate sends a shit pile of email links to training, Peakon surveys, and stuff like that. When I started my new job (3 years ago now), I had a pile of training to do as well as my usual work.
I would be fully focused, keyboard clacking loudly, and ding! Email. Grumble, who the fuck is this now? Oh, some stupid training link… wham. Phishing training. Fell for it 3 times.
The whole Microsoft 365 system seems to be quite vulnerable to phishing. Sometimes SSO works, sometimes you need a password, maybe 2FA, maybe not. Many Microsoft notification emails come from external sources (with a big banner “this email comes from an external sender, be cautious”).
This makes it hard for our brains to spot the small differences that make a phishing campaign successful.
The solution is to suspect every external message and send them all to the phishing mailbox. Tell your boss that you are following the phishing training that you did first.
They will have to get their shit together and send important messages from internal mail addresses. That’s just laziness.
At my work, the bogus phishing attacks are overly believable. They’ll even come from a known in-house email account.
I’ve been dinged twice while otherwise occupied. I’ve stopped checking my email altogether. Play stupid games, win stupid prizes. I am being paid to do a job.
Same. IT has inside info no real phishers will have. So far only got dinged once, but that’s enough. I was already terrible about answering emails, now I’ll be worse.
Haha, love it
If employers don’t want employees to get phished, a good first step is to not overwork them…