this post was submitted on 29 Mar 2025
974 points (98.8% liked)
iiiiiiitttttttttttt
I report any and all emails from anyone on the CSIRT team as suspicious.
They did a phishing test targeting every employee without informing me (internal ITSM lead) first. So they deserve the extra work, and my entire team does the same.
Do you feel like you should be excluded? Did you get the results afterwards?
I often conduct phishing tests for customers where only 1 or 2 people are in the loop to cover as many peepz as possible.
If it was conducted properly, it would have been fine to not inform me.
They made it way too hard to spot that anything was off until after you'd clicked something in the email, combined with blasting 2000+ people with the email at the same time.
Our employees are trained to call the helpdesk ASAP at any sign that their credentials may have been stolen. Hundreds of people called in the first 10 minutes after the email was sent out because they had opened it and got scared. I got called in from my vacation by one of the people on my team, and I called everyone else in from vacation.
I should've absolutely been informed about this. But considering how fucking dumb whoever did the test was, I'm not surprised I wasn't. The KPMG consultant who was clearly not an infosec person at all got fired after this.