• 🇰 🌀 🇱 🇦 🇳 🇦 🇰 ℹ️
    link
    fedilink
    English
    133
    edit-2
    1 year ago

    A lot of hacking is actually social engineering. It’s not hard to get a tech-illiterate person to give up their password, and that’s the softest target for an attack.

  • @[email protected]
    link
    fedilink
    941 year ago

    Hacker voice: “I’m in”

    Looks at overly complicated industry software he’s never even heard of before

    “I’m out”

  • @[email protected]
    link
    fedilink
    74
    edit-2
    1 year ago

    We have these obligatory online seminars about web security /privacy at work.

    Turns out that for some reason, with Privacy Badger enabled, they appear as “passed” instantly. I never saw a single second of these endless seminars.

    I tried to tell the IT guy but he couldn’t care less and I suspect he didn’t even know what Privacy Badger actually is

  • @[email protected]
    link
    fedilink
    451 year ago

    (Opens DOS, frantically types)
    “Heh. I was able to SSH right into their jpg with nothing but an Ethernet cable and router grease.”

  • @[email protected]
    link
    fedilink
    English
    451 year ago

    We get fake phishing emails that are actually from IT and if we don’t recognize and report them, we get a talking-to. It’s a good way of keeping employees vigilant.

    • @[email protected]
      link
      fedilink
      361 year ago

      A friend (who actually works in IT) apparently has a good system at his company. It actually automates turning real phishing attempts into internal tests. It effectively replaces links etc and sends it onwards. If the user actually clicks through, their account is immediately locked. It requires them to contact IT to unlock it again, often accompanied by additional training.

      • @[email protected]
        link
        fedilink
        21 year ago

        Wait. So your friend’s company has the ability to reliably detect phishing attacks, but instead of just blocking them outright, it replaces the malicious phishing links with their own phishing links, sends those on to employees, and prevents them from doing their jobs of they fall for it?

        Sounds like your friend’s company’s IT people are kind of dickheads

        • @[email protected]
          link
          fedilink
          91 year ago

          I work at a company that does something similar; it can be annoying to deal with these fake phishing emails from our own IT, but a 10-15 minute training session if you fail is a lot less disruptive than what can happen if you clicked the real link instead.

          I consider myself a bit more tech-savvy than average, but I’ve almost fallen for a couple of these fake phishing emails. It helps me to keep up with what the latest versions of these attacks look like (and keeps me on my toes too…)

        • @[email protected]
          link
          fedilink
          21 year ago

          It’s not every phishing email. I think it’s technically those that get through the initial filters, and get reported, but don’t quote me on that. Apparently it’s quite effective. They also don’t need to report every one. It’s only if they do something that could have compromised the company that causes a lock down. It’s designed to be disruptive and embarrassing, but only if they actively screw up.

        • @[email protected]
          link
          fedilink
          21 year ago

          Well the company probably can’t detect them reliably, so wih the ones it does detect it trains them to avoid the ones that they can’t detect.

    • @[email protected]
      link
      fedilink
      English
      321 year ago

      My last company did this. They’d also send out surveys and training from addresses I didn’t recognize, so I’d report those, too, only to be told they were legit 😂

    • @[email protected]
      link
      fedilink
      English
      11
      edit-2
      1 year ago

      I send supervisor emails about stuff I’m not gonna do to my spam folder as well…

      “Did you get the email?”

      “Nope, sorry, it looked a little suspicious so I didn’t open and sent it to spam…”

    • @[email protected]
      link
      fedilink
      41 year ago

      My workplace does this too. I can usually tell when the email isn’t a legit phishing email but an IT test though. Not sure how helpful that is.

    • @[email protected]
      link
      fedilink
      31 year ago

      We get those, but the sender email shows up as [email protected] or whatever. Literally the most obvious possible address. I’m always tempted to forward one to IT and ask if they’re serious with that shit.

      • @[email protected]
        link
        fedilink
        English
        21 year ago

        Ours are the opposite: the sender’s email shows up as a normal [email protected] email. Gmail is supposed to warn when a return address is being spoofed like that, but I guess my company turned that warning off for these fake phishing emails. There’s still no SPF but I don’t check the SPF unless an email looks suspicious so I hope that that warning will work for real, sophisticated phishing.

    • @[email protected]
      link
      fedilink
      11 year ago

      I always just ignore anything that looks dodgy, I can’t be bothered to spend the time reporting emails when I get so damn many that are either spam or phishing

  • kamen
    link
    fedilink
    English
    261 year ago

    "I wonder why they’d need my 2FA too, but oh, well… "

    • hoodatninja
      link
      fedilink
      331 year ago

      I’m all for acting your wage, but I don’t want to make victims of anyone who is interacting with my company simply because I was feeling spiteful. The company will be fine, the tons of people who just had their information leaked are the ones who are truly inconvenienced and may face financial repercussions later on when their information is distributed. Just something to consider

  • teft
    link
    fedilink
    161 year ago

    A good portion of the movie Hackers was social engineering. That’s how Mitnick got into a lot of systems as well. Why search for vulnerabilities in apps when people are much easier to manipulate.

  • @[email protected]
    link
    fedilink
    English
    121 year ago

    I wonder if that’s how my old job had 780 gb of source stolen though social engineering.

    • @[email protected]
      link
      fedilink
      111 year ago

      780 gb of source code? Sounds a bit overengineered, I bet that was hard to audit for security flaws

      • @[email protected]
        link
        fedilink
        71 year ago

        If there’s 780 gb of source code, I doubt anyone there has the wherewithall to do security audits

    • @[email protected]
      link
      fedilink
      41 year ago

      As somone in IT who has to deal with executives I can assure you that high compensation has no correlation with good security practices :(