• some_guy@lemmy.sdf.org
    link
    fedilink
    arrow-up
    1
    ·
    6 months ago

    Made me laugh, stopping pre-work scrolling and ending on a high note. Let me send you my passwords…

      • dan@upvote.au
        link
        fedilink
        arrow-up
        1
        ·
        edit-2
        6 months ago

        The thing that doesn’t make sense to me is when vendors have their own domain and site but they use a freemail account (Yahoo, Hotmail, Gmail, etc). If you really want to run your business using a free service, at least use an email forwarder at your domain.

  • Boozilla@lemmy.world
    link
    fedilink
    English
    arrow-up
    1
    ·
    6 months ago

    I will think about this every time we have a meeting to discuss the stupid “shame and train” faux phishing attacks they run on us at work.

    Pro-Tip: If you set up the right kind of filtering you’ll never see those stupid things. (Fight club rules).

    • ozymandias117@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      ·
      6 months ago

      The one they use at my work is extra silly, as it adds an extra email header saying it’s coming from a phishing campaign

      • frickineh@lemmy.world
        link
        fedilink
        arrow-up
        1
        ·
        6 months ago

        Ours do that too. It’s so obvious that I’m not sure if they think we’re all stupid, except then I remember that some of my coworkers actually are stupid, so it’s probably aimed at them.

        • cm0002@lemmy.world
          link
          fedilink
          arrow-up
          2
          ·
          6 months ago

          except then I remember that some of my coworkers actually are stupid, so it’s probably aimed at them.

          I work in IT and have done these campaigns, if you’re on Lemmy, you’re probably not the target audience lmao

          • LowtierComputer@lemmy.world
            link
            fedilink
            arrow-up
            1
            ·
            6 months ago

            There’s an older guy in my group who rants and raves about how all the new training is a waste of time. Discrimination, harassment, safety, information security, all of it. But he specifically hates the fraud and phishing training.

            He’s the only one in our group that has failed any of the test emails.

        • jballs@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          0
          ·
          6 months ago

          I’ve worked with a dude for years who I would consider smart both technically and non-technically. One time we got an email at work with an attachment that was something like “microsoft_update.exe.txt”. The email said “due to a technical limitation on the email system, this file needs to be renamed to drop the .txt and executed to apply a critical to your computer.”

          It was, in my mind, such an obvious phishing attempt that I laughed out loud and said “who the fuck would ever fall for this?” Then my coworker popped his head over the cube wall and said “WAIT WHAT? We weren’t supposed to run that?!”

          Fortunately, the security team sat nearby and heard the whole thing and rushed over to quarantine his PC

            • groet@feddit.de
              link
              fedilink
              arrow-up
              0
              ·
              6 months ago

              You DONT want to turn it off. Digital forensics work WAAAAAAY better if you have a memory dump of the system. And all the memory is lost if you turn it off. Even if the virus ran 10h ago and the program has long stoped running, there will most likely still be traces in the RAM. Like a hard drive, simply deleting something in RAM doesn’t mean it is gone. As long as that specific area was not written over later it will still hold the same contenta. You can sometimes find memory that belonged to a virus days or even weeks after the infection if the system was never shut down. There is so much information in ram that is lost when the power is turned off.

              You want to 1: quarantine from network (don’t pull the cable at the system, but firewall it at the switch if possible) 2: take a full copy of the RAM 2.5: read out bitlocker keys if the drive is encrypted. 3: turn off and take a bitwise copy of the hard drive or just send the drive + memory dump to the forensics team. 4: get coffee

    • Hossenfeffer@feddit.uk
      link
      fedilink
      English
      arrow-up
      1
      ·
      6 months ago

      Alternatively, over-report. Spelling mistake on an email from a colleague? Seems phishy to me. Email from a colleague with an attachment? Phishy! Unsolicited email from a client? Phishy! Email from ‘social committee’ sent to everyone in the team? Phishy!!!

    • Atomic@sh.itjust.works
      link
      fedilink
      arrow-up
      1
      ·
      6 months ago

      Summer2024 Autumn2024 Spring2024 Winter2024

      Are the most common passwords for regular employees. Update the year with the current or previous one.

      Source: I was in IT.

      P.s. if you have access to the physical location. Look for post-it notes under the keyboard.

      • TexasDrunk@lemmy.world
        link
        fedilink
        arrow-up
        1
        ·
        6 months ago

        Under the keyboard? The company you worked for must be some sort of security company or financial institution. I’ve seen them stuck on the damn monitor.

      • 𝔼𝕩𝕦𝕤𝕚𝕒@lemmy.world
        link
        fedilink
        arrow-up
        1
        ·
        6 months ago

        Oh shit, stealing this. Tired of changing the number on my overly long password. It’s just inconvenient to type 32 charachters when “SeasonYear” would work.

        Bro just made an unknown company a little less secure 💀