this post was submitted on 10 May 2024
1288 points (98.6% liked)

Comic Strips

12619 readers
2815 users here now

Comic Strips is a community for those who love comic stories.

The rules are simple:

Web of links

founded 1 year ago
MODERATORS
top 50 comments
sorted by: hot top controversial new old
[–] cerement@slrpnk.net 105 points 6 months ago (1 children)

when the company has no loyalty to you, why be loyal to the company?

[–] LifeInMultipleChoice@lemmy.world 50 points 6 months ago (2 children)

No need to be, but this is a bad example because if the company can prove you were wreckless intentionally, they have an easy court case and someone now liable for all damages

[–] dudinax@programming.dev 20 points 6 months ago (2 children)
[–] linuxPIPEpower@discuss.tchncs.de 28 points 6 months ago

By showing how you drew a comic about it them posted it to lemmy ofc

[–] razorwiregoatlick@lemmy.world 18 points 6 months ago (1 children)

Given the example from the comic the email he sent would be sufficient proof.

[–] cerement@slrpnk.net 7 points 6 months ago (5 children)

“I was sick the day of training and HR never rescheduled. Why, did I do something wrong?”

load more comments (5 replies)
[–] zarkanian@sh.itjust.works 9 points 6 months ago (1 children)
[–] Kolrami@lemmy.world 6 points 6 months ago

Oddly, "wreckless" might mean the exact opposite.

[–] Boozilla@lemmy.world 88 points 6 months ago (10 children)

I will think about this every time we have a meeting to discuss the stupid "shame and train" faux phishing attacks they run on us at work.

Pro-Tip: If you set up the right kind of filtering you'll never see those stupid things. (Fight club rules).

[–] ozymandias117@lemmy.world 56 points 6 months ago (5 children)

The one they use at my work is extra silly, as it adds an extra email header saying it’s coming from a phishing campaign

[–] frickineh@lemmy.world 53 points 6 months ago (2 children)

Ours do that too. It's so obvious that I'm not sure if they think we're all stupid, except then I remember that some of my coworkers actually are stupid, so it's probably aimed at them.

[–] cm0002@lemmy.world 59 points 6 months ago (1 children)

except then I remember that some of my coworkers actually are stupid, so it's probably aimed at them.

I work in IT and have done these campaigns, if you're on Lemmy, you're probably not the target audience lmao

[–] LowtierComputer@lemmy.world 35 points 6 months ago

There's an older guy in my group who rants and raves about how all the new training is a waste of time. Discrimination, harassment, safety, information security, all of it. But he specifically hates the fraud and phishing training.

He's the only one in our group that has failed any of the test emails.

[–] jballs@sh.itjust.works 24 points 6 months ago (2 children)

I've worked with a dude for years who I would consider smart both technically and non-technically. One time we got an email at work with an attachment that was something like "microsoft_update.exe.txt". The email said "due to a technical limitation on the email system, this file needs to be renamed to drop the .txt and executed to apply a critical to your computer."

It was, in my mind, such an obvious phishing attempt that I laughed out loud and said "who the fuck would ever fall for this?" Then my coworker popped his head over the cube wall and said "WAIT WHAT? We weren't supposed to run that?!"

Fortunately, the security team sat nearby and heard the whole thing and rushed over to quarantine his PC

[–] Emerald@lemmy.world 15 points 6 months ago (1 children)

quarantine his PC

You mean shut it off and steal and the Ethernet cable? Lol

[–] groet@feddit.de 11 points 6 months ago (1 children)

You DONT want to turn it off. Digital forensics work WAAAAAAY better if you have a memory dump of the system. And all the memory is lost if you turn it off. Even if the virus ran 10h ago and the program has long stoped running, there will most likely still be traces in the RAM. Like a hard drive, simply deleting something in RAM doesn't mean it is gone. As long as that specific area was not written over later it will still hold the same contenta. You can sometimes find memory that belonged to a virus days or even weeks after the infection if the system was never shut down. There is so much information in ram that is lost when the power is turned off.

You want to 1: quarantine from network (don't pull the cable at the system, but firewall it at the switch if possible) 2: take a full copy of the RAM 2.5: read out bitlocker keys if the drive is encrypted. 3: turn off and take a bitwise copy of the hard drive or just send the drive + memory dump to the forensics team. 4: get coffee

[–] Emerald@lemmy.world 7 points 6 months ago (1 children)

Why would you be doing digital forensics?

[–] KISSmyOSFeddit@lemmy.world 13 points 6 months ago (1 children)

To find out if nuking that one workstation is enough or if you have to take more drastic measures.

[–] Emerald@lemmy.world 4 points 6 months ago (2 children)

I feel like most companies wouldn't bother with all that. They'd probably just nuke the workstation and call it a day.

[–] KISSmyOSFeddit@lemmy.world 7 points 6 months ago (1 children)

And then get ransomwared a bit later.

load more comments (1 replies)
load more comments (1 replies)
[–] Boozilla@lemmy.world 9 points 6 months ago

Even a smart person can have a bad day / moment of weakness. If you are super busy / stressed out and some email comes that looks like a bullshit request from HR or IT or whatever, it can be tempting to just try to knock it off your plate real quick so you can get back to whatever fire you were fighting.

My tactic these days is I pretty much don't click on ANYTHING in an email, so it's an ingrained habit. If it's a link to something, it's usually one I can navigate to myself using my browser. If it's an attachment, we use a file sharing system that stores these so I can just go to that and see what's in there.

It's inconvenient, and you don't always have these work-around options, but by trying to make into an automatic habit, it has saved me a couple of times.

[–] Boozilla@lemmy.world 5 points 6 months ago (1 children)

That's really funny. It's like you work for Dunder-Mifflin.

load more comments (1 replies)
load more comments (3 replies)
[–] dan@upvote.au 13 points 6 months ago* (last edited 6 months ago)

The Microsoft 365 admins at my workplace were doing something like this. It's got some sort of built-in phishing simulation functionality (I think it's this: https://learn.microsoft.com/en-us/defender-office-365/attack-simulation-training-simulations). The idea is that the recipient clicks a button in Outlook to report it as suspicious, and get a "congrats you did the right thing" notice.

However, it seems like IT security were unaware of the test, because they started blocking the emails and blackholed the domain the emails linked to (meaning it doesn't resolve on our network any more). They also reported the domain as phishing to some safe browsing vendor we use, which propagated into the blocklist Chrome uses. It was a shared domain Microsoft use for this training (it was one of the domains on this list: https://learn.microsoft.com/en-us/defender-office-365/attack-simulation-training-get-started?view=o365-worldwide) so Microsoft probably had to deal with un-blocking it...

[–] cerement@slrpnk.net 10 points 6 months ago (4 children)

except too many companies take that extra step of being annoying:

  • you get a write up if you fall for the phishing
  • you get a write up if you don’t fall for it but also fail to report it
  • you get a write up if you don’t fall for it and do report it but don’t use the correct report form
[–] MotoAsh@lemmy.world 9 points 6 months ago (1 children)

We're supposed to forward the spear fishing emails to IT but I always just report as spam and go about my day. Was only nervous the first couple times I ignored an obvious internal phishing test but apparently they don't care if we don't fall for it.

load more comments (1 replies)
[–] HubertManne@kbin.social 7 points 6 months ago

you also fail if you use the right form but don't staple a cover sheet for the tps form followup.

load more comments (2 replies)
[–] Hossenfeffer@feddit.uk 10 points 6 months ago (4 children)

Alternatively, over-report. Spelling mistake on an email from a colleague? Seems phishy to me. Email from a colleague with an attachment? Phishy! Unsolicited email from a client? Phishy! Email from 'social committee' sent to everyone in the team? Phishy!!!

[–] Blueteamsecguy@infosec.pub 6 points 6 months ago (1 children)

Please don't.

I have to initiate those, or it looks bad for compliance. We sell software, we get SOC 2 attestations yearly. We start getting points marked off for very general security and compliance measures customers will question our products and not renew or not purchase in the first place, because if we can't even secure our own employees and promote awareness, what does that say about our product?

Sincerely, the guy everyone hates and makes your work life harder.

load more comments (1 replies)
[–] son_named_bort@lemmy.world 4 points 6 months ago

Received an email about phishing? Oh, you better believe that's phishy!

load more comments (2 replies)
[–] Magister@lemmy.world 8 points 6 months ago (1 children)

My company is using some tool to generate those kinds of false scam emails every few weeks, so I created a rule in Outlook that if the header contains the word "gophish", it put a label "lol phishing" on it, so I know to just delete them...

load more comments (1 replies)
[–] johannesvanderwhales@lemmy.world 7 points 6 months ago (1 children)

I worked at a place that actually tracked whether you reported the fake phishing emails or not...

load more comments (1 replies)
[–] IsThisAnAI@lemmy.world 5 points 6 months ago (4 children)

Plenty of companies will assign you extra training because you aren't reporting.

load more comments (4 replies)
[–] Turbofish@lemmy.world 5 points 6 months ago (1 children)

Ugh. I got one of them recently and clicking on it and hitting report as spam apparently registers as me having interacted with the email so I have to do the security course again.

load more comments (1 replies)
load more comments (2 replies)
[–] lugal@lemmy.ml 41 points 6 months ago

This would explain why this works so often

[–] WiseWoodchuck@lemmy.world 33 points 6 months ago

Why did the hacker leave their purple dildo out on their desk? Awkward 😬

[–] Sibbo@sopuli.xyz 22 points 6 months ago (1 children)
[–] cerement@slrpnk.net 12 points 6 months ago (1 children)

(I deal with vendors that still use yahoo.com emails …)

[–] dan@upvote.au 12 points 6 months ago* (last edited 6 months ago)

The thing that doesn't make sense to me is when vendors have their own domain and site but they use a freemail account (Yahoo, Hotmail, Gmail, etc). If you really want to run your business using a free service, at least use an email forwarder at your domain.

[–] teamevil@lemmy.world 13 points 6 months ago (4 children)

The password is either admin or password

[–] Atomic@sh.itjust.works 31 points 6 months ago (2 children)

Summer2024 Autumn2024 Spring2024 Winter2024

Are the most common passwords for regular employees. Update the year with the current or previous one.

Source: I was in IT.

P.s. if you have access to the physical location. Look for post-it notes under the keyboard.

[–] TexasDrunk@lemmy.world 20 points 6 months ago (2 children)

Under the keyboard? The company you worked for must be some sort of security company or financial institution. I've seen them stuck on the damn monitor.

[–] Car@lemmy.dbzer0.com 4 points 6 months ago

Given they had access to plaintext passwords, I’d hope not

load more comments (1 replies)
load more comments (1 replies)
[–] dan@upvote.au 6 points 6 months ago* (last edited 6 months ago) (1 children)

"what is your password?"
"uh, it's just the letter A"

https://www.youtube.com/watch?v=uRGljemfwUE. A classic.

[–] IHawkMike@lemmy.world 4 points 6 months ago

I'm sorry, there isn't an option to arrange icons by "penis."

load more comments (2 replies)
[–] rustydrd@sh.itjust.works 5 points 6 months ago (1 children)
[–] cerement@slrpnk.net 6 points 6 months ago

Tactics of Physical Pen Testing – lockpicking is the hardest way to get in

[–] some_guy@lemmy.sdf.org 4 points 6 months ago

Made me laugh, stopping pre-work scrolling and ending on a high note. Let me send you my passwords…

load more comments
view more: next ›