• Unaware7013@kbin.social
    link
    fedilink
    arrow-up
    19
    ·
    1 year ago

    Social engineering is an attack older than computers and will always be the biggest vulnerability in any organization. Training helps, but there’s always going to be someone that fucks up and clicks the thing they shouldn’t.

    • Echo Dot
      link
      fedilink
      English
      arrow-up
      11
      ·
      edit-2
      1 year ago

      We send out fake phishing emails, i.e. they’re not really phishing emails but they are designed to look like them to see which people in our organization click them.

      Often we will just copy and paste a real one so they look exactly like the real thing and there’s always some pillock that clicks them and enters their password or something into an obviously fake form. Then when you challenge them on why they were fooled by such an obvious ploy they always say something like “oh I don’t really do computers” as if that’s an excuse.

      And it’s always the people you think it’s going to be. The ones that call up to tell you that their computer is running slow and invariably it’s because they have 945 Chrome tabs open.

      • Unaware7013@kbin.social
        link
        fedilink
        arrow-up
        11
        ·
        1 year ago

        And it’s always the people you think it’s going to be.

        The thing is, in my org it’s not; they get people from every team on the reg. One of the senior admins (OS admins, not office admins) on my team has gotten hit because our infosec team is mean and will send out emails from ‘hr’ when he is sending them too. They’ve almost gotten me a couple of times, and I’m basically the liaison to their team from mine.

        My cito was laughing about it the other day because his name gets dragged through the dirt when it’s his 2nd who does shit like send that stuff to new hires an hour after they start day one. Tends to keep people in their toes.