Skip Navigation

Cybersecurity - Memes @lemmy.world cron @feddit.org 3d ago

Reporting security incidents

Love it when someone falls for phishing, gives away their login, and just… says nothing. Really helpful.

9 comments

I've been told off for reporting phishing attempts:

Real: "Why did you receive it?!" Dunno mate. Woke up this morning and decided that I wanted it. We all have total control over what email we get sent, right?

Fake: "This Isn't a phishing attempt! What's wrong with you?!" The From domain, the link domain both look suspicious, and the SMTP headers are dodgy AF. Should I have FAFO and then reported it after the fact?

Test: "Why are you reporting this? It's the test phish we commissioned!" You do realise that you're meant to do some work, right? Sure, you paid someone to safely phish staff, but that also means following up on it's effects.

Damned if you do, damned if you don't. And manglement gaze at their navels wondering why incidents don't get reported... 😬
Remember that many know nothing about security and might not realize that pop up is a real problem
- True. Additionally, some might be embarrassed or too afraid to report an incident.
  
  True but I believe that ignorance is a much more common problem.
  
  Source: not an IT person and ignorant of stuff
  
  On don’t give a shit bc they are external employees and have no interest in the company… why bother?
I don't think it's helpful at all! 😳🙃🫠

9 comments