|
Near the end of my shift: "I'm using someone's computer while they're out of the office and I need their account unlocked because I had caps lock on when I was typing in their password." "Is there a reason you aren't logging in on your account on their computer?" "My computer(sic) doesn't have the permissions I need." Noooooppppe. Did I mention that client is a medical company with loads of HIPAA sensitive data? Yeah, that's going over to their IT and hopefully their infosec, although I doubt anything is going to happen. The important part is that I have a paper trail directly asking their IT if they want us resetting passwords for anyone that calls in regardless of whose account it is.
|
# ? Dec 26, 2019 15:18 |
|
Oh but see, he KNOWS the person's password, so it’s ok! He just screwed up typing it in!
|
|
# ? Dec 26, 2019 15:24 |
|
I mean it's less bad than when an executive assistant tried to intimidate me into changing an SVP's password so the executive assistant could log in, but still up there as far as my "what did you expect me to say?" tickets go.
|
# ? Dec 26, 2019 15:28 |
|
22 Eargesplitten posted: I mean it's less bad than when an executive assistant tried to intimidate me into changing an SVP's password so the executive assistant could log in, but still up there as far as my "what did you expect me to say?" tickets go.

Hope you documented that one in a ticket in a LOUD VOICE for your co-workers and/or supervisor to hear, and CC'ed the SVP and whoever's handling account security in on the ticket.
|
# ? Dec 26, 2019 15:33 |
|
It was a couple years ago but I'm pretty sure she was the one that pulled in everyone from my manager to the CEO on that email chain.
|
# ? Dec 26, 2019 15:37 |
|
22 Eargesplitten posted: It was a couple years ago but I'm pretty sure she was the one that pulled in everyone from my manager to the CEO on that email chain.
|
# ? Dec 26, 2019 21:03 |
|
minusX posted: It's nice when they tell on themselves like that.

As if the CEO doesn't tell IT to let her in and why are you holding up production????
|
# ? Dec 26, 2019 21:11 |
|
GreenNight posted: As if the CEO doesn't tell IT to let her in and why are you holding up production????
|
# ? Dec 26, 2019 21:17 |
|
After telling her no a couple times my manager stepped in, then I got privately told by both my manager and director that I did the right thing, then publicly got kudos at our next team meeting for it. Funny thing was it wasn't even until the meeting that I realized she was trying to intimidate me by name-dropping the CEO. She was trying to get into the SVP's account to approve requisitions, if they didn't get approved they would get bumped up the chain to the SVP's manager, in this case the CEO. So yeah, him having to approve stuff for the SVP while the SVP is gone is the system working as intended. Of course I happen to know the CEO gave her his account information so welp. One of my former co-workers at that place gave himself the CFO role to help in a similar situation, where the CFO was unreachable and requisitions needed approving. For it to get to the CFO level, the requisition needed two commas in the price tag. That's a good chunk of why he became a former co-worker.
|
# ? Dec 27, 2019 05:28 |
|
Some of our users have been getting the old "I saw you watching porn through my remote control malware, now pay me $amount in Bitcoin or I'll release the video I took and ruin your life" scam in their inboxes. The fun part is the scammer is sending the threat as an image embedded in the email from an outlook.com account, so it skips right past Exchange's filters. Our InfoSec team hasn't yet figured out a way to intercept these emails, either.
|
# ? Dec 30, 2019 21:47 |
|
dragonshardz posted: Some of our users have been getting the old "I saw you watching porn through my remote control malware, now pay me $amount in Bitcoin or I'll release the video I took and ruin your life" scam in their inboxes.

All emails are now text only.
|
# ? Dec 30, 2019 21:53 |
|
I had to reformat my pi hole today. Guess what went wrong! DNS issues due to new internet, and given that's all I used it for, annoying but nothing of value lost.
|
# ? Dec 30, 2019 21:55 |
|
GreenNight posted: All emails are now text only.

Plaintext-only would make SO many users mad.
|
# ? Dec 31, 2019 02:41 |
|
dragonshardz posted: Plaintext-only would make SO many users mad.

Yea, but is there a down-side?
|
# ? Dec 31, 2019 02:45 |
|
dragonshardz posted: Some of our users have been getting the old "I saw you watching porn through my remote control malware, now pay me $amount in Bitcoin or I'll release the video I took and ruin your life" scam in their inboxes.

Just tell everyone about it. Easier than actually doing something technical which they will just bypass anyways.
|
# ? Dec 31, 2019 03:42 |
|
Arquinsiel posted: Just tell everyone about it. Easier than actually doing something technical which they will just bypass anyways.

Bless your heart. I have been explicitly told by literally everyone I converse with that NOBODY reads the emails from IT. Especially the ones marked as **IMPORTANT / MANDATORY READ / TRUST ME YOU ACTUALLY WANT TO KNOW THIS / IF WE DON'T RECEIVE A READ RECEIPT YOU WON'T RECEIVE A PAYCHECK** Hell, people don't even read the email when I've replied to all 6 of their tickets asking the same question that's answered in the goddamn subject line with the email that answers their question in the subject line.
|
# ? Dec 31, 2019 03:54 |
|
We sent out a company-wide phishing awareness email, with links to training, general info, etc. We got several people reporting that email as suspicious spam. And then about a month later one idiot caused an EMOTET infection because a doc file had an image asking them to run macros in broken English. They also got super mad when referred to the phishing awareness training mandatorily.
|
# ? Dec 31, 2019 05:58 |
|
Attestant posted: We sent out a company-wide phishing awareness email, with links to training, general info, etc. We got several people reporting that email as suspicious spam.

When we had a mandatory phishing awareness thing a few months ago we noticed that all the things they described as red flags for an email also applied to the e-mail that was sent out telling us to do the training. Mostly because HR told us that it'd be coming over 2 months before the training actually happened.
|
# ? Dec 31, 2019 07:32 |
|
dragonshardz posted: Some of our users have been getting the old "I saw you watching porn through my remote control malware, now pay me $amount in Bitcoin or I'll release the video I took and ruin your life" scam in their inboxes.

A mail relay parked in front of Exchange, running a custom milter that OCRs images (probably not too hard with pymilter and some other assorted Python libraries) and rewrites the email with the OCR text in a custom attribute on the respective <img> tags? Then whatever filtering you normally use should be able to handle it, assuming it scans the entire body of the email. That might make a decent weekend project to whip up a proof-of-concept implementation.

We've been lucky that all our bitcoin scams so far except one have been plaintext, so anything that matches the bitcoin address format AND has the word bitcoin (since you can accidentally match Base64 encoded attachments with the bitcoin address regex) or a bunch of common variations e.g. "bit coin", all case insensitive, gets blocked. The one that did get through matched the word bitcoin but had the wallet address as a QR code image instead of text.
|
# ? Dec 31, 2019 09:23 |
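The text-matching rule described in the post above, as an added Python sketch (not the poster's actual filter): it blocks only when an address-shaped string AND a "bitcoin" keyword variant both appear, and runs that rule over three constructed messages. The regexes, addresses, function names and sample mails are all assumptions made for illustration.

```python
import base64
import re
from email.message import EmailMessage

# Address *shape* only (legacy 1.../3... and bech32 bc1...); no checksum check.
ADDRESS_RE = re.compile(
    r"\b(?:[13][1-9A-HJ-NP-Za-km-z]{25,34}|bc1[02-9ac-hj-np-z]{11,71})\b")
# "bitcoin", "bit coin", "bit-coin", ... in any case.
KEYWORD_RE = re.compile(r"\bbit[\s\-_.]*coins?\b", re.IGNORECASE)

def verdict(raw):
    """Scan the undecoded message text, attachments included."""
    address = bool(ADDRESS_RE.search(raw))
    keyword = bool(KEYWORD_RE.search(raw))
    return {"address": address, "keyword": keyword, "block": address and keyword}

def build(body, attachment=None, mime=("application", "octet-stream")):
    """Build a constructed sample message and return its raw text."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content(body)
    if attachment is not None:
        msg.add_attachment(attachment, maintype=mime[0], subtype=mime[1],
                           filename="attachment.bin")
    return msg.as_string()

# Constructed, address-shaped placeholder; not a real wallet.
FAKE_ADDR = "1ExampeAddressNotRea" + "X" * 12

# 1) Plaintext scam: keyword variant plus address in the body.
SCAM = build("I recorded you. Send 900 USD in Bit Coin to\n" + FAKE_ADDR + "\n")

# 2) Benign mail whose attachment bytes happen to Base64-encode to an
#    address-shaped run: the address regex alone would flag it.
BLOB = base64.b64decode("AAA+" + FAKE_ADDR + "+AAA")
BENIGN = build("Quarterly report attached.\n", BLOB)

# 3) Scam with the address only inside an image (placeholder bytes stand in
#    for the QR code): keyword matches, but there is no address text to find.
QR_SCAM = build("Scan the attached code to pay in bitcoin.\n", bytes(30),
                mime=("image", "png"))

if __name__ == "__main__":
    for name, raw in (("scam", SCAM), ("benign", BENIGN), ("qr", QR_SCAM)):
        print(name, verdict(raw))
```

The third case is the miss the post reports; text rules only see it if something upstream, such as the OCR step the post proposes, turns the image content into text.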
|
I think you'll find he captured the process of your onanism, not "caught you masturbating".
|
# ? Dec 31, 2019 11:06 |
|
Attestant posted: We sent out a company-wide phishing awareness email, with links to training, general info, etc. We got several people reporting that email as suspicious spam.

That was me, sorry.
|
# ? Dec 31, 2019 13:28 |
|
I just repeat every email as suspicious from Vice President up.
|
# ? Dec 31, 2019 14:14 |
|
GnarlyCharlie4u posted: Bless your heart. I have been explicitly told by literally everyone I converse with that NOBODY reads the emails from IT. Especially the ones marked as **IMPORTANT / MANDATORY READ / TRUST ME YOU ACTUALLY WANT TO KNOW THIS / IF WE DON'T RECEIVE A READ RECEIPT YOU WON'T RECEIVE A PAYCHECK**

You're not trying to fix it, you're just shifting blame onto them. It's impossible to prevent a determined idiot from self owning.
|
# ? Dec 31, 2019 15:32 |
|
Kurieg posted: When we had a mandatory phishing awareness thing a few months ago we noticed that all the things they described as red flags for an email also applied to the e-mail that was sent out telling us to do the training. Mostly because HR told us that it'd be coming over 2 months before the training actually happened.

If an employee forwards it to IT with the annotation "hey everyone got one of these suspicious looking emails and it looks like a phishing attempt, I told the other people in my cube not to touch it until I heard back from you" then they should be considered to have successfully tested out of the course for full credit.
|
# ? Dec 31, 2019 16:26 |
|
Eikre posted: If an employee forwards it to IT with the annotation "hey everyone got one of these suspicious looking emails and it looks like a phishing attempt, I told the other people in my cube not to touch it until I heard back from you" then they should be considered to have successfully tested out of the course for full credit.
|
# ? Dec 31, 2019 16:46 |
|
That's what we tell people when they call for a legit email they thought was fake. I also tell them I'd rather take the 99 false positives to make sure the 1 real one gets got.
|
# ? Dec 31, 2019 17:09 |
|
We set up a spam@<companydomain> mailbox that has no size limit, and every forwarded email that comes in there gets logged to a csv via Email2DB and checked against known IoCs, the attachments stripped and sent to FireEye MX, all resulting data sent to the SIEM and a reply sent to the user thanking them for their submission. We (being the security department) also included the top 10 employees who submitted legitimate email threats in the monthly newsletter, and had internal lists of those that just submitted assloads of spam. The system worked really well, and is the only reason we're still paying FireEye money at this point.
|
# ? Dec 31, 2019 20:02 |
|
Our users are really loving good about submitting phishing emails and not clicking on things. ~120ish employees, last real test only, like, three clicked on it. We're a financial institution, so it's really not an "if" but a "when." We also get a decent number of spear phishing attempts, too.
|
# ? Dec 31, 2019 21:02 |
Mustache Ride posted: We set up a spam@<companydomain> mailbox that has no size limit, and every forwarded email that comes in there gets logged to a csv via Email2DB and checked against known IoCs, the attachments stripped and sent to FireEye MX, all resulting data sent to the SIEM and a reply sent to the user thanking them for their submission.

I worked for them back when they were getting established, kinda neat to see them all grown up
|
|
# ? Dec 31, 2019 21:41 |
|
Mustache Ride posted: We set up a spam@<companydomain> mailbox that has no size limit, and every forwarded email that comes in there gets logged to a csv via Email2DB and checked against known IoCs, the attachments stripped and sent to FireEye MX, all resulting data sent to the SIEM and a reply sent to the user thanking them for their submission.

I have argued with so many clients that doing this public bestowing of cookies in employees will reap more dividend than any tech solution they want to throw money at. FireEye MS is pretty drat sweet if you have money to throw though. You appear to be living both dreams at once
|
# ? Jan 1, 2020 04:55 |
|
I ran a phishing test last year and we had a 70% clickrate, less than 10 reports out of 1200 people, and multiple people that sent the email to others asking them to open it. Now we use Proofpoint and it's great but I still have people get mad that "you're blocking my emails maybe they're actually legitimate you don't know!" and I'm like buddy you bought $2000 worth of iTunes gift cards for the IRS last year and we're in loving Canada so you're lucky I let you have email at all.
|
# ? Jan 1, 2020 05:39 |
|
Love to get pissy emails from users who are shocked that I haven't solved their tickets while I was on my holiday leave.
|
# ? Jan 2, 2020 11:34 |
|
You had so much time to get it done!!!
|
# ? Jan 2, 2020 15:50 |
|
I also want to retrospectively complain that all of my business stakeholders offered to create upgrade opportunities over the holidays... During our change freeze. Also, none of them truly demonstrated how bad a short downtime would actually be, they just assumed I'd assume the world would fall into the sun and therefore would work for nothing to do it whenever they wished.
|
# ? Jan 2, 2020 16:22 |
|
Heners_UK posted: I also want to retrospectively complain that all of my business stakeholders offered to create upgrade opportunities over the holidays... During our change freeze.

Do we work for the same company? We run into the same thing here: Change freeze = please do all your network maintenance now since we cannot approve downtime any other time of the year.
|
# ? Jan 2, 2020 16:32 |
|
My boss gave his notice on the 30th. They called and offered me his job on the 31st.
|
# ? Jan 2, 2020 18:29 |
|
Niiice! Goongrats!
|
# ? Jan 2, 2020 18:30 |
|
kensei posted: My boss gave his notice on the 30th. They called and offered me his job on the 31st.

Nice!
|
# ? Jan 2, 2020 18:33 |
|
Ask your boss what he got paid to see if you got the job due to being much cheaper.
|
# ? Jan 2, 2020 18:49 |
|
|
GreenNight posted: Ask your boss what he got paid to see if you got the job due to being much cheaper.

Depending on experience Kensei just might be worth slightly less for the role, which is fine. If you aren't getting pumped at least 20% though, you are getting shafted.
|
# ? Jan 2, 2020 19:00 |