Tuesday, September 28, 2010

Gone Phishing

The other day, a manager at the Shitshow received a phishing email. For those of you who don’t know, a phishing email is an email requesting personal information that appears legitimate but is actually sent from a cyberhacker. I have to say this email was good. It looked exactly like the real emails that the IT department regularly sends us.

What is even more shocking is that we actually have a manager competent enough to have caught it. The manager asked our IT department if the email was real, and they quickly told him it was a fake. This is where the cleverness ends. The manager then decides to forward the email (with the suspicious link in it) to all the other managers and tells them “Don’t click on this link”. Then those managers blindly forward that email to every one of their engineers, with the dangerous link still in it. They didn’t even bother taking it out, or perform a simple “Cut/Paste As Text” operation. They just left the dangerous element in there.

That’s akin to sending everyone a virus and then telling them “Hey! Here’s a virus, but don’t click on it.” Of course, when busy engineers get several dozen emails a day, they’re too tired to read any of them thoroughly. Chances are someone is going to click on the link accidentally – a link they would have never gotten in the first place had their managers not blindly forwarded it in the first place.

Because management doesn’t know how to modify an email that they forward, I throw rocks.
