• leisesprecher@feddit.org · 87 upvotes · 5 days ago

    I’m a software developer. A few years ago, we were all sent mail by a sketchy-looking company that had our company’s logo slapped onto the header in the sloppiest way possible and wanted us to click on a link to a “mandatory Cybersecurity training”.

    Obviously everyone ignored it. Which is exactly what you’d want people to do. Turns out, it was real and not a scam, just incompetence.

    • Ephera@lemmy.ml · 30 upvotes · 5 days ago

      Got a mail a few weeks ago:

      Hello <name>,
      thanks for signing up to <training I didn’t sign up for>.

      Turns out someone from management assigned us to that training and that’s just the standard mail it sends…

      My favorite was, though, when my company started using yet another awful Microsoft service and we got a mail that we could log into our account on microsoftonline.com. Turns out that obvious phishing domain is actually operated by Microsoft.

      • Trainguyrom@reddthat.com · 2 upvotes · 4 days ago

        > Turns out someone from management assigned us to that training and that’s just the standard mail it sends…

        I always just wait for a follow-up email from whoever assigned it or ask someone who would know if that’s legit.

        > we got a mail that we could log into our account on microsoftonline.com.

        Oh just wait until you get someone legitimately using a domain.onmicrosoft.com email address. Microsoft uses the onmicrosoft.com domain as a placeholder for unlicensed users and domains which haven’t been fully set up yet. Which is funny since they own the .Microsoft TLD and could move everything to .Microsoft domains to show it off but they choose not to for whatever reason.

    • Canonical_Warlock@lemmy.dbzer0.com · 17 upvotes · 5 days ago

      A company I used to work for used paycom(dot)com for their HR software. So we would frequently get notifications from there for work stuff. One day I got an external work email telling me to click a link to a paycom(dot)net site to sign up for a raffle to win a free iPad. I thought that looked sketchy as fuck so I did a quick whois on the .net and .com sites. They were completely different and the .net site was basically entirely anonymised. So obviously at that point I was like “damn this phisher managed to get the .net domain for paycom. That’s kind of impressive. I should let our IS guy know so he knows we’re being targeted.” So I shot off an email to our basically only IS guy and he responded by telling me that the email was legit and everyone in the company got it because the company was giving away an extra iPad they had. But he also said now that I pointed it out it was the sketchiest looking email he had seen in a while.

      I honestly should have known better considering this is the same company where at one point a different IS person had sent me an email basically just saying “Your computer has a virus. Open this attachment to remove it.” Turns out that was also legit and the guy who used my desk on first shift managed to get a virus somewhere but rather than coming down to fix it themselves IS just sent me an email with a script to run.

    • Dagwood222@lemm.ee · 12 upvotes · 5 days ago

      Someone once said that people don’t hate computers, they hate the idiots who program computers.

    • superkret@feddit.org · 6 upvotes, 1 downvote · 5 days ago

      Genius. The people who click on the link to the training are exactly the people who need the training.