Believe it or not, the IRS doesn’t accept Best Buy gift cards as payment. Crazy. Right?
Well then I’m glad I paid them with iTunes gift cards.
I know it’s different as this is about business security, but my favorite is when people think the Sheriff or the IRS is demanding payment in eBay gift cards.
My favorite is an email attachment called Totally Important Document.zip and the antivirus wont let them open it, so they open a ticket requesting to turn off the antivirus because its impeding their work.
I know some place where the phishing emails were immediately spotted by the employees because the ceo has awful punctuation and grammar, the phishing email looked too clean to be real lmao.
My workplace does simulated phishing emails every Friday. If you click on them, they make you do training. Last month, someone’s email was breached and they started sending out tons of phishing emails, the users reported it en masse and we had dozens of reports within minutes - and these emails went out at 10PM on a weekend! Seems like our training works.
Don’t show them the email in the first place, seems like an IT problem to me 🤷
New threats slip through, it will always happen. It’s why user training is an important part of security for a company.
It’s not a case of if there will be a security incident but when, you can only limit the likelihood and damage.
Modern day reliability and security best practices are based on planning for failures assuming they are all inevitable.
Back in the old days we would just assume everything is going to work out but that just isn’t sustainable now with how complex and expansive systems have become. Basically, there are too many moving parts to account for every single possibility so people should expect systems to fail and know how to react when it happens.
Then IT should expect users to fail, it’s the thing they’re best at
