Yearly training on this kind of crap for over a decade now… and once again this proves that social engineering will find a way and you can’t fix stupid.
I look forward to my corporate overlords shoving extra training on this kind of thing soon.
The hilarious thing about these events is when legitimate e-mail begins to look like phishing. After some personal information was stolen from my employer, they drilled into us the importance of recognizing phishing attempts, and then signed us up for some third-party credit score monitoring program without telling us. And then the powers that be wondered why nobody seemed to taking advantage of this after getting e-mails telling us to log in to the website we had never heard of.
Executive promotions all round!
Somewhere, some phisher who hadn’t thought ahead, is trying to figure out what to do with the launch codes.
From now on, if someone asks me for sensitive data over email, I will demand they ask me in person and physically hand over their gpg public key to me at the same time.
Our accounting group gets “stranded send money” emails from our CEO and the CEO of our parent company… They have gotten a wee bit more believable over the years.
Yeah but just asking for ‘ALL THE W2s’ should set of some hey wait a minute bells.
Then again when I used to have access to the servers that had PII data (all tied up in SQL that we didn’t actually have access to but whatever) I had to scan my local machine every 90 days, register the laptop every six months and get a background check every 2 years so I am just used to a more paranoid working environment.
This topic was automatically closed after 5 days. New replies are no longer allowed.