![Acceptable Use Pawlicy [TrueNuff]](https://lemmy.world/pictrs/image/c1e2ddf4-6afb-48f1-aede-85c3359f36ad.jpeg){kind=link}
Transcript
Panel 1: [Coworker in a red tie with dark hair leans into the cubicle of IT who is busy on a computer, a key card or ID hangs around his neck]
Coworker: I clicked an email link and it says I need training?
Panel 2: [IT stops working and looks irritated]
IT: Ah yes. The Training.
Panel 3: [IT sprays the coworker with a spray bottle]
FSHSSSH
FSHSSSH
FSHSSSH
IT: BAD! THAT WAS BAD!
Panel 4: [IT continues spraying the coworker, now crouching down hands raised defensively as the water is sprayed in his face. IT ha a look of glee on his face as another coworker walks by with a look of concern on her face, papers in hand.]
FSHSSSH
FSHSSSH
FSHSSSH
FSHSSSH
FSHSSSH
Coworker: HISSS!
Alt Text
The next training module unlocks after three hisses
.
Yes, you can identify them by the X-Phish header. I hope real phishing mails have it too
My rule of thumb is: if it’s something nice for me, it’s not real (more money, goodies, more vacation days, …) and it worked pretty good so far. There was only one fake cyber security training invitation which kind of felt like not the most constructive idea…
Yeah, also urgency is a big red flag for me. Almost all phishing messages are like “log in immediately or something bad happens”
tbf I got one that was trying to warn me of incorrect tax info which needs to be resolved only a month after I started lol.
Wasn’t gonna click the link but I did do a double take because they formed it really well like a proper spear phish email would.
Of course my job at some point involved memeing with gophish templates so I don’t think they’ll ever get me, especially when I’m using a proper client that lets me immediately swap to HTML and see the blocked image tracker tag lol.
Something good happens to me -> wait a minute, this is a trap!
Something bad happens to me -> all according to plan
Words to live by.
If phish.me or kn4b are in the header I assume it’s spam and I have rules in every email account to scrap them to a special folder so I can report them to give the false positive that I identified the test.