subscribed a day ago

In my company I regularly see genuine, legitimate emails that carry several huge red flags, like those conveyed to us in trainings.

If I can plausibly claim I wasn't sure it was legit (i.e. it was sent from the outside, from a sketchy-looking host), I'd always report it internally as a phishing attempt. Just to make the security work with it.

marysol5 13 hours ago

There's also something about "admin" and "HR" systems in companies where they ignore everything they told you not to do.

I don't think I've worked anywhere yet that does 2FA, SSO, or even a vaguely usable system that doesn't look like it was made 30 years ago in these departments.

Which is extra troubling as these systems are the ones with the PII!