Transcript
Panel 1: [Coworker in a red tie with dark hair leans into the cubicle of IT who is busy on a computer, a key card or ID hangs around his neck]
Coworker: I clicked an email link and it says I need training?
Panel 2: [IT stops working and looks irritated]
IT: Ah yes. The Training.
Panel 3: [IT sprays the coworker with a spray bottle]
FSHSSSH
FSHSSSH
FSHSSSH
IT: BAD! THAT WAS BAD!
Panel 4: [IT continues spraying the coworker, who is now crouching down with hands raised defensively as the water is sprayed in his face. IT has a look of glee on his face as another coworker walks by with a look of concern on her face, papers in hand.]
FSHSSSH
FSHSSSH
FSHSSSH
FSHSSSH
FSHSSSH
Coworker: HISSS!
Alt Text
The next training module unlocks after three hisses.


The only phishing mails I receive are phishing tests from within the company…
I recently had one that was like “Due to recent events, we feel it necessary to remind everyone about the regulations in the Code of Conduct about accepting gifts from clients. Please read the CoC if you have not done so and confirm you have read it via this link. Signed HR”. The link was fake, and the sender address was, too. It was a good fake though, because we actually do have a CoC and have to read/confirm about once a year. So I’m pretty sure it was a test to select people for training.
Yes, you can identify them by the X-Phish header. I hope real phishing mails have it too.
My rule of thumb is: if it’s something nice for me, it’s not real (more money, goodies, more vacation days, …) and it worked pretty good so far. There was only one fake cyber security training invitation which kind of felt like not the most constructive idea…
Yeah, also urgency is a big red flag for me. Almost all phishing messages are like “log in immediately or something bad happens”
tbf I got one that was trying to warn me of incorrect tax info which needs to be resolved only a month after I started lol.
Wasn’t gonna click the link but I did do a double take because they formed it really well like a proper spear phish email would.
Of course my job at some point involved memeing with gophish templates so I don’t think they’ll ever get me, especially when I’m using a proper client that lets me immediately swap to HTML and see the blocked image tracker tag lol.
Something good happens to me -> wait a minute, this is a trap!
Something bad happens to me -> all according to plan
Words to live by.
If phish.me or kn4b are in the header I assume it’s spam and I have rules in every email account to scrap them to a special folder so I can report them to give the false positive that I identified the test.