Workaccount2 6 days ago

My IT department does mandatory phishing training every year, and then for the "test" e-mails, they spoof a domain and whitelist the DMARC on their side so it goes through.

So we get e-mails from @microsoft.com and it's only if you dig in the metadata that you see it failed authentication. The only tell in the e-mail is checking the URL, which doesn't tell you much because tons of regular e-mails use tracker redirects too. They even send emails from our own domain or the domain of our payroll company.

I won't type out my rant, but our IT department is a few guys who couldn't figure out what to do when their competitive Xbox FIFA 2006 dreams failed, heard IT pays a lot with not much work, and then sat through the certs.

stronglikedan 6 days ago

> heard IT pays a lot with not much work

I want to live in this fantasy world!

(Our IT dept is so overworked that I go out of my way to work around them purely out of empathy.)

throwawaylaptop 6 days ago

Every industry has its bad employers and good.

I know teachers who make $50k and no pension, and others making $93k, halfway to their pension at 35 years old, who get almost 12 weeks off total a year, work from 8am to 3pm (1 hour lunch, 1 hour for 'prep', aka Netflix), and are home by 3:35, and no, they basically never do any work at home. She technically has students (10-year-olds she sends links to for their Chromebooks) about 5x53 minutes a day.

fair_enough 6 days ago

That sounds like a good semi-retirement gig just to get out of the house for a little while. If you're teaching the tech-related electives rather than mandatory core courses, the students are likely a lot more pleasant to deal with. I took German just to get away from all the kids taking Spanish or French who were just there because they have to get their foreign language credit.

throwawaylaptop 5 days ago

Yes, just what we need, retired people with a whole career of making income behind them taking another decent entry-level job someone just out of college could get. (No teaching credential is needed for substitute teachers, usually.)

fair_enough 5 days ago

If a semi-retired engineer with 2-4 decades of work experience makes a better public high school STEM teacher, then I hope a lot more engineers do it as a semi-retirement gig.

The aspiring career schoolteachers will just have to find a job in a field that is short-staffed, like registered nurses or one of the trades. I'm sure that comes across as "let them eat cake" to some Bernie moron, but going back to school for 6 months is small potatoes, and doing a little market research before making big financial decisions like choosing your college major in the first place is basic adult responsibility.

If we apply the "lump of labor" fallacy everywhere else honestly and consistently, we would have to be opposed to immigration and trade because "those damn foreigners" went and "took er jerbs".

https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcRtkJaZ...

throwawaylaptop 4 days ago

I am 100% opposed to immigration too.

fair_enough a day ago

You're opposed to immigration until you personally can have greater freedom or a higher standard of living somewhere else.

throwawaylaptop 9 hours ago

No doubt I could enjoy a better life somewhere in the world. But I don't expect that country to let me move there and give me their opportunities.

bongodongobob 6 days ago

No one in IT wants to deal with that stuff. Upper management requires it for compliance and cyber insurance.

BobbyTables2 4 days ago

My company does a similar phishing thing.

Except their system adds extra headers related to the phishing… Wonder if they even know…

Thus, I created an Outlook rule to automatically move them to a dedicated folder… (;->

fair_enough 5 days ago

My university pulled the same BS 10-15 years ago. The worst part is that they sent the "test" email from the same email address they use for all of their other announcements, and then had the gall to send an automated "shame on you" reply if you clicked their link.

Knowing what I know now about the IT staff and professors and knowing in hindsight only 3-4 of my CS classes were of any relevance to my work, I seriously regret not cheating my way through undergrad. I wish I could take back the time I wasted on Java and spend it with my N64.

cameron_b 6 days ago

Hey, simulating the hack is a lot better than using some canned tool with blatant KnowBe4 URLs.

Workaccount2 6 days ago

The problem is that if you click one of the links, you need to do (well sort of) the hour long phishing class and testing again. But of course, nowhere in the class do they say anything about not trusting e-mails from a known safe domain.

What's funny though is that if you click the link in a phishing test, they will e-mail you to complete the training. But there is no enforcement (general management doesn't care), so you just get a daily e-mail telling you that you are overdue. It also, however, stops them from sending the fake phishing emails. So a bunch of us clicked the phishing link, marked the "do your training" e-mail as spam, and now never get bothered.

arcfour 5 days ago

Where I was, they tracked who didn't do it, and came down on them, then their manager, and then it became an HR issue. Only one or two people went down the HR path, and then they did the training pretty quickly. Of course it didn't start harsh, just "hey, a reminder, we are tracking this and you need to do it" but when you blatantly ignored it the response got more firm.

Also, the last one I took they talked about phishing using a malicious Google docs link IIRC.

Anecdotes don't mean you know everything about a system.

201984 6 days ago

For anyone subjected to these, they usually contain the header X-PHISHTEST, which you can create a filter for, and then either send them to trash or put them in a special folder so you can report them later.
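
The two tells the thread describes, the failed authentication that only shows up in the message metadata (Workaccount2's comment above) and the X-PHISHTEST marker header (this comment), can both be checked by a mail filter; the script below is an added example written for this page, not code from any commenter. Both sample messages are constructed, the Authentication-Results parsing follows the standard header format, and the microsoft.com From domain is used only because the thread mentions it.

```python
import email
from email.utils import parseaddr

# Constructed sample: a simulated phish that spoofs a well-known From domain,
# fails DMARC at the gateway, and carries the X-PHISHTEST header from the thread.
SPOOFED = """\
Authentication-Results: mx.example.net;
 spf=fail smtp.mailfrom=bounce.phish-sim.example;
 dkim=none; dmarc=fail header.from=microsoft.com
X-PHISHTEST: campaign-42
From: "Account Team" <account-security@microsoft.com>

Please review your recent sign-in.
"""

# Constructed sample: a legitimate message from the same domain that passes.
LEGIT = """\
Authentication-Results: mx.example.net;
 spf=pass smtp.mailfrom=microsoft.com;
 dkim=pass header.d=microsoft.com; dmarc=pass header.from=microsoft.com
From: "Account Team" <account-security@microsoft.com>

Statement attached.
"""

SIM_HEADERS = ("X-PHISHTEST",)  # marker headers added by the simulator

def auth_results(msg):
    """Parse Authentication-Results headers into {method: result}."""
    results = {}
    for value in msg.get_all("Authentication-Results", []):
        value = " ".join(str(value).split())  # unfold continuation lines
        for clause in value.split(";")[1:]:   # [0] is the authserv-id
            method, sep, rest = clause.strip().partition("=")
            if sep and rest:                  # "dmarc=fail header.from=..."
                results[method.lower()] = rest.split()[0].lower()
    return results

def classify(raw):
    """Return a verdict and the reasons, the way a mail filter rule would."""
    msg = email.message_from_string(raw)
    reasons = [f"simulation header {h}" for h in SIM_HEADERS if h in msg]
    auth = auth_results(msg)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    if "dmarc" not in auth:
        reasons.append("no DMARC result: the gateway recorded no authentication")
    elif auth["dmarc"] != "pass":
        reasons.append(f"dmarc={auth['dmarc']} for From domain {from_domain}")
    return {"verdict": "suspicious" if reasons else "ok", "reasons": reasons, "auth": auth}
```

A message with no Authentication-Results header at all is also flagged, since without it the "dig into the metadata" check the thread relies on is impossible.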

bongodongobob 6 days ago

You can use whatever URLs you like.