Author Topic: FAKE Phishing !?!  (Read 175 times)

0 Members and 1 Guest are viewing this topic.

Offline Friendly Angel

  • Stopped Going Outside
  • *******
  • Posts: 4554
  • Post count reset to zero in both forum apocalypses
FAKE Phishing !?!
« on: November 22, 2019, 03:26:28 PM »
My company created its own phishing e-mail and sent it to everybody to see how many people would fall for it.

The e-mail looked like it was coming from our own IT and said your password was compromised and click here to re-instate;  phishing link then stole names and credentials of employees.

I'm not sure how I feel about this trickery, but I feel even less positive about how many people it apparently fooled.  We just got an e-mail about it.

I didn't remember it at first, but it's in my deleted folder.  I'm pretty sure I didn't click, but it was convincing.
Amend and resubmit.

Offline PANTS!

  • One leg at a time.
  • Poster of Extraordinary Magnitude
  • **********
  • Posts: 12147
  • What seals? I auditioned for this job.
Re: FAKE Phishing !?!
« Reply #1 on: November 22, 2019, 03:30:02 PM »
Yeah - They are doing it here too.  I have caught it three times out of three, and I hope to God that mans they don't waste my time anymore. 

I also am unsure of the tactic.  Not the least of which is that they put the responsibility of the bad-click onto the victim.
Now where I come from
We don't let society tell us how it's supposed to be
-Uptown, Prince 👉

The world is on its elbows and knees
It's forgotten the message and worships the creeds

Offline Friendly Angel

  • Stopped Going Outside
  • *******
  • Posts: 4554
  • Post count reset to zero in both forum apocalypses
Re: FAKE Phishing !?!
« Reply #2 on: November 22, 2019, 03:30:50 PM »
I predict we're in for some training.
Amend and resubmit.

Offline Morvis13

  • Big Ol' Goober
  • Planetary Skeptic
  • *
  • Posts: 25712
  • Natural Source of Paranoia
Re: FAKE Phishing !?!
« Reply #3 on: November 22, 2019, 03:36:07 PM »
at my old company they did this and provided pizza with the training. people would click the phish just to get free lunch.
Murphy's Law: Anything that can go wrong will go wrong.
Morvis' Law: Anything that does go wrong is my fault.

Online st3class

  • Keeps Priorities Straight
  • ***
  • Posts: 397
Re: FAKE Phishing !?!
« Reply #4 on: November 22, 2019, 03:55:20 PM »
They do it regularly at my company, and I actually think it's a good idea.

For one thing, they have made it very easy to report phishes. We just a push a button in Outlook and everything is done for you.

Also, being on the lookout for IT-generated phishes means you're also on the lookout for real phishes. What I would really like to see is some reward for spotting a certain number of phishes.
It's always more complicated than that.

Offline HighPockets

  • Frequent Poster
  • ******
  • Posts: 2215
Re: FAKE Phishing !?!
« Reply #5 on: November 22, 2019, 04:25:31 PM »
we've got the same PhishMe button for outlook, we get entered into a drawing for a $25 gift certificate once a month every time you identify a valid scam.
Everyone you will ever meet knows something you don't.

Offline Soldier of FORTRAN

  • Poster of Extraordinary Magnitude
  • **********
  • Posts: 10248
  • Cache rules everything around me.
Re: FAKE Phishing !?!
« Reply #6 on: November 22, 2019, 05:02:30 PM »
I'm for it.

Security policy requires compliance.  A little Red Teaming now and again mitigates complacency. 

Remember: Security is a daily practice.
... in war the screams are loud and harsh and in peace the wail is so drawn-out we tell ourselves we hear nothing.

Offline The Latinist

  • Cyber Greasemonkey
  • Technical Administrator
  • Reef Tank Owner
  • *****
  • Posts: 8186
Re: FAKE Phishing !?!
« Reply #7 on: November 24, 2019, 03:41:47 PM »
I hate to admit it, but I clicked on a more subtle phishing E-mail last week.  Safari caught it and wouldn’t let me visit the site.  I’m also certain that I wouldn’t have given my actual credentials. Still, it will drive out the complacency on my end.
I would like to propose...that...it is undesirable to believe in a proposition when there is no ground whatever for supposing it true. — Bertrand Russell

Offline John Albert

  • Too Much Spare Time
  • ********
  • Posts: 7139
Re: FAKE Phishing !?!
« Reply #8 on: November 25, 2019, 01:24:41 PM »
This is a pretty common tactic of IT security teams in corporate America. I've been encountering these kinds of 'tests' for decades. Even got caught up in them once or twice.

 

personate-rain
personate-rain