- My Forums
- Tiger Rant
- LSU Recruiting
- SEC Rant
- Saints Talk
- Pelicans Talk
- More Sports Board
- Fantasy Sports
- Golf Board
- Soccer Board
- O-T Lounge
- Tech Board
- Home/Garden Board
- Outdoor Board
- Health/Fitness Board
- Movie/TV Board
- Book Board
- Music Board
- Political Talk
- Money Talk
- Fark Board
- Gaming Board
- Travel Board
- Food/Drink Board
- Ticket Exchange
- TD Help Board
Customize My Forums- View All Forums
- Show Left Links
- Topic Sort Options
- Trending Topics
- Recent Topics
- Active Topics
Started By
Message
It amazes me that people still fall for phishing emails
Posted on 11/1/18 at 9:02 am
Posted on 11/1/18 at 9:02 am
I work for a fairly large organization. We have been overrun with IT security issues from phishing emails. Last week, our IT department coordinated with an outside service to test and see what is going on.
Every employee with an e-mail address was sent a generic phishing email that said - Hey, we need to meet, and had a link. It did appear to come from the CEO, but it was a generic CEO gmail address - think ceoname@gmail.com .
This link was safe, but 20% clicked on this link, that asked employees to enter their network username and password. 45% of the ones who clicked the link, entered their username and password.
The next page simulated that the password was entered wrong, and it needed to be entered again. This time, there was a warning from our organization's IT department that this site was unsafe.
20% entered their username and password again.
Every employee with an e-mail address was sent a generic phishing email that said - Hey, we need to meet, and had a link. It did appear to come from the CEO, but it was a generic CEO gmail address - think ceoname@gmail.com .
This link was safe, but 20% clicked on this link, that asked employees to enter their network username and password. 45% of the ones who clicked the link, entered their username and password.
The next page simulated that the password was entered wrong, and it needed to be entered again. This time, there was a warning from our organization's IT department that this site was unsafe.
20% entered their username and password again.
This post was edited on 11/1/18 at 9:06 am
31
Posted on 11/1/18 at 9:05 am to anc
My company has to send out reminders of what they may look like from time to time because some of the tards I work with will still click on the links.
Posted on 11/1/18 at 9:06 am to anc
Modern medicine is a awesome but It has prolonged culling the herd. People are dumb as shite.
Posted on 11/1/18 at 9:06 am to anc
AS Ron White said,"you can't fix stupid". I'd like to know how much money those Nigerian prince scams bring in yearly. I bet more than you'd think.
Posted on 11/1/18 at 9:06 am to anc
What was the average age of the people who entered it?
Posted on 11/1/18 at 9:07 am to anc
so 2% of total employees. i dont think that is that bad considering all of the old people who refuse to retire and arent with it on the tech side
Posted on 11/1/18 at 9:07 am to anc
Most of the employees at our hospital got an email claiming it was from "IT services" and to click on a link to reenter their login information.
Second I saw the email I knew it was a scam. Coworker called our IT department and they were already aware of it. But you still had some of my coworkers saying "but it said it was from IT, so it is ok right?"
Second I saw the email I knew it was a scam. Coworker called our IT department and they were already aware of it. But you still had some of my coworkers saying "but it said it was from IT, so it is ok right?"
Posted on 11/1/18 at 9:09 am to anc
quote:
20% entered their username and password again.
and those 20% need to be fired for unsafe work practices and company wide emails need to go out telling everyone that those 20% were just fired for unsafe work practices related to emails
until this happens regularly no one will give a damn about costing the company money
Posted on 11/1/18 at 9:10 am to anc
ah come one man.
I am still waiting for the check to go through from a prince in Africa that promised if I cashed a check for him I would get a certain percentage of the check. It only cost me $1000 and it has been a few years. That check coming any day now.
Then someone asked for my username and password in IT the other day.
I decided to give it to them even though I do not remembering hiring this person to work in IT and the email is not a company email. That was a smart idea right!
I am still waiting for the check to go through from a prince in Africa that promised if I cashed a check for him I would get a certain percentage of the check. It only cost me $1000 and it has been a few years. That check coming any day now.
Then someone asked for my username and password in IT the other day.
I decided to give it to them even though I do not remembering hiring this person to work in IT and the email is not a company email. That was a smart idea right!
This post was edited on 11/1/18 at 9:11 am
Posted on 11/1/18 at 9:10 am to anc
If there was a warning the site wasn't safe, then yes they're dumb as rocks.
But some phishing mails can be easy to fall for. I got one that appeared to come from the account of a guy I had literally just got finished talking with in the hall a few minutes earlier. The email said "Here's the link I was telling you about." Of course I clicked. After all, I really had just been talking with him. And yes, it infected me and IT was unhappy.
But some phishing mails can be easy to fall for. I got one that appeared to come from the account of a guy I had literally just got finished talking with in the hall a few minutes earlier. The email said "Here's the link I was telling you about." Of course I clicked. After all, I really had just been talking with him. And yes, it infected me and IT was unhappy.
Posted on 11/1/18 at 9:10 am to Happygilmore
quote:
so 2% of total employees. i dont think that is that bad considering all of the old people who refuse to retire and arent with it on the tech side
True, but 9% entered their username and password and "compromised" their accounts and the network. 2% entered it again after receiving an IT warning.
Still hundreds of professionals. Its just amazing to me. This wasn't even a sophisticated attempt.
Posted on 11/1/18 at 9:10 am to anc
We get those often and if you open it, you have to take an online class about phishing emails
Posted on 11/1/18 at 9:11 am to anc
2 Nigerian and one Liberian prince are better off because of me.
Jokes on the second two, I didnt have much left after the first one emailed ne.
Jokes on the second two, I didnt have much left after the first one emailed ne.
Posted on 11/1/18 at 9:11 am to johnnyrocket
My ex fell for a Nigerian scam. Looking back...I should have dumped him the second he admitted he was taken by a Nigerian scam.
Posted on 11/1/18 at 9:12 am to BruceJender
quote:
What was the average age of the people who entered it?
i love how they never look for trends they are afraid to know the answer
Posted on 11/1/18 at 9:12 am to anc
I mean that’s 2%. Doesn’t seem that terrible to me?
Posted on 11/1/18 at 9:12 am to anc
The SO is an IT security guy for an insurance company that deals with this shite all of the time. It’s mindblowing to hear about the shite people will legitimately fall for.
Posted on 11/1/18 at 9:14 am to baldona
quote:
I mean that’s 2%. Doesn’t seem that terrible to me?
It's bad if they have already been doing a lot of education of employees to avoid these types of emails.
Posted on 11/1/18 at 9:14 am to anc
quote:
20% entered their username and password again.
Posted on 11/1/18 at 9:15 am to lsunurse
I was joking you would have to be stupid to fall for that one.
IT for the company I am a partner in does not ask for email and password online.
We also have this written in our employee handbook which I hope HR goes over on the first day of work.
The employee has to call the IT desk and at that point they may ask for the username and password.
That is the only time that it is allowable to give out your employee user ID and password.
We had an email go to my accounting dept which luckily my wife runs as a CFO asking for an employee to wire money to my account. Luckily it went a person in the dept not allowed to do wire transfers. The email was pretty convincing and I got IT on that one quickly.
IT for the company I am a partner in does not ask for email and password online.
We also have this written in our employee handbook which I hope HR goes over on the first day of work.
The employee has to call the IT desk and at that point they may ask for the username and password.
That is the only time that it is allowable to give out your employee user ID and password.
We had an email go to my accounting dept which luckily my wife runs as a CFO asking for an employee to wire money to my account. Luckily it went a person in the dept not allowed to do wire transfers. The email was pretty convincing and I got IT on that one quickly.
This post was edited on 11/1/18 at 9:22 am
Page 1 of 3
Popular
Back to top
Follow TigerDroppings for LSU Football News