Transcript

Panel 1: [Coworker in a red tie with dark hair leans into the cubicle of IT who is busy on a computer, a key card or ID hangs around his neck]

Coworker: I clicked an email link and it says I need training?

Panel 2: [IT stops working and looks irritated]

IT: Ah yes. The Training.

Panel 3: [IT sprays the coworker with a spray bottle]

FSHSSSH

FSHSSSH

FSHSSSH

IT: BAD! THAT WAS BAD!

Panel 4: [IT continues spraying the coworker, now crouching down hands raised defensively as the water is sprayed in his face. IT ha a look of glee on his face as another coworker walks by with a look of concern on her face, papers in hand.]

FSHSSSH

FSHSSSH

FSHSSSH

FSHSSSH

FSHSSSH

Coworker: HISSS!

Alt Text

The next training module unlocks after three hisses

.

Source

  • FuglyDuck@lemmy.worldEnglish
    28·
    12 hours ago

    They do that here routinely. The last time they sent it using the email account that is basically the one email that you do not ignore because they use it for urgent “please push the patch asap” type emails.

    If that email is compromised they got bigger issues.

    • surewhynotlem@lemmy.world
      2·
      3 hours ago

      that email is compromised they got bigger issues.

      Sending an email doesn’t have authentication. I can send an email as literally anyone. It’s a very trusting protocol.

      Now, if your company is particularly good they might have set up protections from this. But it’s not required, and not super common.

    • Otter@lemmy.caM
      5·
      7 hours ago

      What would that be testing, whether the users are psychic? If the email sender is legitimate, then what else would users need to do?

      • FuglyDuck@lemmy.worldEnglish
        3·
        7 hours ago

        my team actually does pretty good with the cyber security checks. the people running the have to meet a certain amount of metrics so they figured “hey if we send it from this one email, everyone is going to trust us!” … because that’s what they’re supposed to do… Which makes a terrible thing to do. because now they’re always going to be asking if this new email is another test.

        (Bruh. if you want us to go to training, just ask.)

    • kibblebits@quokk.auEnglish
      18·
      12 hours ago

      They bought a domain name similar to ours and sent out emails with links to the domain and a clone login page. Pretty sneaky.

      • Otter@lemmy.caM
        7·
        7 hours ago

        At a previous job, they used to send them fairly often, using various tricks to keep people on their toes. I found it fun

        • Nighed@feddit.ukEnglish
          3·
          6 hours ago

          All of ours have phishing in the URLs or in the email headers, if only real phishers were so nice!