Reporting security incidents

a year ago by cron to c/cybersecuritymemes

Love it when someone falls for phishing, gives away their login, and just… says nothing. Really helpful.

Brewchin 21 points a year ago

I've been told off for reporting phishing attempts:

  • Real: "Why did you receive it?!" Dunno mate. Woke up this morning and decided that I wanted it. We all have total control over what email we get sent, right?
  • Fake: "This isn't a phishing attempt! What's wrong with you?!" The From domain, the link domain both look suspicious, and the SMTP headers are dodgy AF. Should I have FAFO and then reported it after the fact?
  • Test: "Why are you reporting this? It's the test phish we commissioned!" You do realise that you're meant to do some work, right? Sure, you paid someone to safely phish staff, but that also means following up on its effects.

Damned if you do, damned if you don't. And manglement gaze at their navels wondering why incidents don't get reported... 😬

luciferofastora 1 point 9 months ago

I once ordered some software from our internal catalogue, then got an email from some external address I didn't recognise with a download link that seemed fishy as hell. Except we don't get admin permissions on our (company-provided and -managed) devices so I couldn't even have installed it if I wanted.

Reported it, got told "Yeah, nah, this is legit. You're supposed to download it and have support remote in and install it for you. It's all in the product description, if you read it." In hindsight, maybe the lack of any corporate logo or other attempt to make it look credible should have clued me in, reverse-psychology style: If they really were trying to trick me, they'd have put at least some effort in, right?

RowRowRowYourBot 12 points a year ago
cron 9 points a year ago

True. Additionally, some might be embarrassed or too afraid to report an incident.

RowRowRowYourBot 3 points a year ago
a4ng3l 2 points a year ago

Or don’t give a shit bc they are external employees and have no interest in the company… why bother?

Godnroc 8 points a year ago

"External Employees" sounds like a term that was invented purely to avoid paying people adequate wages or benefits.

smeg 5 points a year ago

Contractors tend to get way higher pay in exchange for a lack of benefits like guaranteed employment. I'd be surprised if security gives them the same level of trust as normal employees though.

a4ng3l 2 points a year ago

Depends I guess. Some are definitely not hurting. Others are starving. But none are giving a shit for sure.

SoftestSapphic 10 points a year ago

When the reward for reporting an incident is more work then people won't report

OpenStars 2 points a year ago

I don't think it's helpful at all! 😳🙃🫠
