|
We have those emails monthly. We are also a financial institution so I think it's perfectly reasonable to expect employers not to be idiots with security.
|
# ? Nov 17, 2023 23:49 |
|
bamhand posted: We have those emails monthly. We are also a financial institution so I think it's perfectly reasonable to expect employers not to be idiots with security.

I work for a company that makes training for financial institution types, none of our information or knowledge is secret it's literally just repackaging law updates, statutes, etc. into slightly more easily digestible forms. I (and everyone else) receive 1-3 phishing test emails a day.
|
# ? Nov 18, 2023 00:04 |
The people who design the phishing tests can be real fuckers. A former friend who worked at Google was also friends with some of the penetration testing team who told him about their biggest hit: a very senior employee that had been there basically since the founding of the company and was in charge of a bunch of sensitive projects that they judged would be of interest to a state level actor. So they used info from the guy's LinkedIn profile to see when he hit either 15 years with the company (can't remember which) and then FedExed him a large congratulations package at work (main mail drop address, "Attn: Employee Name") a few months later. One of the many professionally done items was a custom engraved crystal plaque which lit up with Google colors... for a couple minutes at which point the included power adapter died. But don't worry there was also a usb cord!
|
|
# ? Nov 18, 2023 00:17 |
|
That's amazing but: is there any evidence that real phishing attempts are ever that intricate?
|
# ? Nov 18, 2023 00:31 |
|
Impermanent posted: That's amazing but: is there any evidence that real phishing attempts are ever that intricate?

Greetings my dear, Today our records indicated that you have won a $500 AMAZ0N giftcard! Please click here to keep your account from permanently being deleted. Sincerely, Tom MacDonald
|
# ? Nov 18, 2023 01:43 |
For a state level actor after something really critical it could be a plausible spear-phishing scenario but there's no way that it would be deployed against some Google search developer. Google employees tend to have a pretty inflated opinion about the importance and value of their ad-sales empire
|
|
# ? Nov 18, 2023 03:06 |
|
Google did get phished by state actors in the early teens, IIRC. It was a big deal.
|
# ? Nov 18, 2023 03:43 |
|
My org also does phishing tests, but they aren't too difficult to detect. There was a period of a few months where some of them were pretty goofy, and I think the person writing them got told to tone it down. Here is my favourite, about a poor astronaut trapped on the ISS. Will you help get him down? IT posted:Dear Mr. Sir,
|
# ? Nov 18, 2023 06:27 |
|
Poldarn posted: My org also does phishing tests, but they aren't too difficult to detect. There was a period of a few months where some of them were pretty goofy, and I think the person writing them got told to tone it down.

I’d almost want to wire a few bucks for the chuckle that brought me. BRINGE MAJOR TUNDE HOME
|
# ? Nov 18, 2023 06:48 |
|
I don’t think I’ve posted this here, but I’m haunted by the call a few weeks ago:

quote: “Hi I’m (arbitrary white girl name), you said you’d call me back, do you remember?”

I talked to my (old) mom about this, and she got it in the newsletter for her community, but wow such cynicism to come up with this. I just said “oh for gently caress’s sake” and hung up, but goddamn in retrospect I wish I asked if they had a conscience.
|
# ? Nov 18, 2023 07:03 |
|
Impermanent posted: That's amazing but: is there any evidence that real phishing attempts are ever that intricate?

the buttcoin thread has had some dumbasses getting usb chargers that they remember ordering and then using.
|
# ? Nov 18, 2023 07:37 |
|
My org also does phishing tests, but they aren't too difficult to detect. There was a period of a few months where some of them were pretty goofy, and I think the person writing them got told to tone it down. Here is my favourite, about a poor astronaut trapped on the ISS. Will you help get him down?

IT posted: Dear Mr. Sir,

I am Dr. Bakare Tunde, the cousin of Nigerian Astronaut, Air Force Major Abacha Tunde. In the 14-years since he has been on the station, he has accumulated flight pay and interest amounting to almost $ 15,000,000 USD. If we can obtain access to this money, we can place a down payment with the Russian Space Authorities for a Soyuz return flight to bring him back to Earth. I am told this will cost $ 3,000,000 American Dollars. In order to access the his trust fund we need your assistance. My colleague and I are willing to transfer you the 3,000,000 USD in order to help bring him home. Kindly expedite action as we are behind schedule to enable us include downpayment in this financial quarter. Please click on this link to enter your banking information.

Yours Sincerely,
Dr. Bakare Tunde
Astronautics Project Manager

perfection
|
# ? Nov 18, 2023 10:50 |
|
An old job at $megacorp had a report phishing button. It would auto remove the email from your mailbox and send it to cybersecurity. If it was fake (or I presume, a test), no reply. A week later I would sometimes get an email back saying the email was legitimate. With no way to get the original email back, read or reply to it. Which was a great way for my boss or HR to then ask me why I hadn't done whatever the email was about.
|
# ? Nov 18, 2023 10:50 |
|
Perfectly formatted, apparently from the correct domain email that talks about relevant activities in a timely manner and makes a reasonable request.

IT phishing test.

Dear <misspelled surname>
You must resolve this issue with your payments celery. If you do not you might not get enough money in your next payments. Payments.ru/banking/safe Please be kind enough to click this link and fill in your personal details so we can resolve. If you do not your manger will be informationed.
Best God bless
Sarah

Legitimate email from hr that requires immediate attention
|
# ? Nov 18, 2023 11:05 |
|
URL isn’t working for me
|
# ? Nov 18, 2023 13:25 |
|
Actual cyber and phishing that we’ve seen has included spoofing our own emails down to formatting and sender. We’ve also had a company who gets compromised have their email server immediately used to phish all their contacts using manually prepped messages continuing recent email conversations. The threat is real, is what I’m saying.
|
# ? Nov 18, 2023 16:10 |
|
Shifty Pony posted: The people who design the phishing tests can be real fuckers.

The Google security team has a tradition of attempting to (with consent) steal the password of coworkers who are leaving the security team. The attacks are frequently semi elaborate, but also good practice as it allows them to think creatively to find possibly existing security holes through which to act. My favorite part is that TEMPEST attacks are banned for being too easy, which I feel gives an idea of the level of effort.

Impermanent posted: That's amazing but: is there any evidence that real phishing attempts are ever that intricate?

I don't expect that these get publicized much for obvious reasons, but Google is absolutely dealing with the Mossad side of the Mickens Mossad/Not Mossad dichotomy. Snowden's leaked content shows that this is absolutely a valid level of concern.
|
# ? Nov 18, 2023 16:44 |
|
I went to listen to a podcast on my phone this morning and got one of those McAfee "scanning device/THREAT FOUND!" popups which I've never experienced on that device before.
|
# ? Nov 18, 2023 16:50 |
|
BiggerBoat posted: I went to listen to a podcast on my phone this morning and got one of those McAfee "scanning device/THREAT FOUND!" popups which I've never experienced on that device before.

Straight to factory reset, right away.

Long answer: long press the notification so you can see which app actually sent it, and then press the little options button to go to notification preferences for that app, then click the app's icon in the preferences window to go to its main preferences, and click "uninstall"

Volmarias fucked around with this message at 16:57 on Nov 18, 2023
|
# ? Nov 18, 2023 16:55 |
|
BiggerBoat posted: I went to listen to a podcast on my phone this morning and got one of those McAfee "scanning device/THREAT FOUND!" popups which I've never experienced on that device before.

The threat was that some guys were going to show up to your house and poo poo in your mouth.
|
# ? Nov 18, 2023 19:45 |
|
BiggerBoat posted: I went to listen to a podcast on my phone this morning and got one of those McAfee "scanning device/THREAT FOUND!" popups which I've never experienced on that device before.

I hope you took care of the threat.
|
# ? Nov 18, 2023 23:59 |
|
Impermanent posted: That's amazing but: is there any evidence that real phishing attempts are ever that intricate?

I mean given that "social engineering" is just a phrase to make the concept of spying palatable to tech brains, sure

Why this one time mossad social engineers planted palm trees above Syrian artillery positions and claimed it was for shade, little did they know it was a 'zero day kinetic red team hack' in which Israel then blew them to pieces

Strategic Tea fucked around with this message at 15:04 on Nov 19, 2023
|
# ? Nov 19, 2023 15:01 |
|
An administrator at Solna City, close to Stockholm in Sweden has over a few years transferred over 4 M SEK (~380K USD) from city funds to a scammer. She believed all the time that she was talking to Mick Jagger from the Rolling Stones and that they would get married and be together forever
|
# ? Nov 20, 2023 12:12 |
|
axolotl farmer posted: An administrator at Solna City, close to Stockholm in Sweden has over a few years transferred over 4 M SEK (~380K USD) from city funds to a scammer.

Forever for Jagger is what, another 4 years? Sheesh.
|
# ? Nov 20, 2023 16:53 |
|
A school principal tried to send 100k of the school's money to a fake Elon Musk: "I am a very smart lady. Well-educated. I fell for a scam,” McGee said at the meeting, before claiming she had been groomed into handing over the cash." https://fortune.com/2023/04/03/school-principal-quits-fake-elon-musk-scam-florida/
|
# ? Nov 20, 2023 19:13 |
|
I keep forgetting that Jagger is still alive and making toxicologists question their research.
|
# ? Nov 21, 2023 09:39 |
|
Collateral Damage posted: I keep forgetting that Jagger is still alive and making toxicologists question their research.

Jagger nothing, Keith Richards is the one pushing up LD50s for everything he can cram in his mouth.
|
# ? Nov 21, 2023 10:27 |
|
Oh right, I got them mixed up.
|
# ? Nov 21, 2023 12:01 |
|
The trapped astronaut scam has a kinda interesting history.
|
# ? Nov 21, 2023 17:47 |
|
Wee Bairns posted: The trapped astronaut scam has a kinda interesting history.

That's fascinating.
|
# ? Nov 21, 2023 18:48 |
|
quote: “I am a very smart lady. Well-educated. I fell for a scam,” McGee said at the meeting, before claiming she had been groomed into handing over the cash.

First off I don't think she's "very smart", and that's not what "grooming" means, so I'm doubting that she's "well-educated" too. Got a feeling she's picked up chuds' chanting of GROOMER GROOMER GROOMER all the time and selected that word specifically to pick up some pity points.
|
# ? Nov 21, 2023 19:02 |
|
Wee Bairns posted: The trapped astronaut scam has a kinda interesting history.

I guess if you try a scam long enough, someone is going to fall for it.
|
# ? Nov 21, 2023 20:55 |
|
Weatherman posted: First off I don't think she's "very smart", and that's not what "grooming" means, so I'm doubting that she's "well-educated" too.

Uh

What do you think "grooming your successor" means? The usage is perfectly fine in this context, it doesn't have to be sexual in nature.
|
# ? Nov 21, 2023 22:53 |
|
And she might well be very smart. Being smart is no defense against these scams.
|
# ? Nov 21, 2023 23:02 |
|
If there is one kind of person scammers love to encounter, it's someone who believes they are too smart to fall for scams.
|
# ? Nov 21, 2023 23:04 |
|
As if goons know anything about grooming.
|
# ? Nov 22, 2023 01:05 |
|
wesleywillis posted: As if goons know anything about grooming.

Mods(?! or . Your call)
|
# ? Nov 22, 2023 01:22 |
|
Volmarias posted: Uh

Yeah, fair point. I've just (1) heard chuds complaining about supposed groomers so much recently that my brain snapped to that meaning, and (2) thought that "fooled" was a much better word for the situation. Or "suckered". I still think she was trying to evade responsibility by choosing "groomed".
|
# ? Nov 22, 2023 10:23 |
|
It’s always funny when folks fall for this sort of scam but I think a lot of the time, they are terribly lonely people who are vulnerable to the right approach at the right time. Or senile or otherwise disadvantaged to some degree. All that said, folks who blithely click through security training and consequently fall for dumb cons out of willful ignorance need to get their poo poo sorted out
|
# ? Nov 28, 2023 12:22 |
|
But you don't understand, it's mean to do effective anti-phishing training
|
# ? Nov 29, 2023 04:35 |