Scams and reminding yourself that you're not too smart to fall for them

Yeah - they do same here. Better that they get tripped up by a test message than a real scammer

1 Like

Always always always look at the sending email and most key the host domain of said email address. That should stop you from getting phished pretty much 100%

One of these is real and one of them is a scam


2 Likes

The problem is that when they get you to panic by thinking you owe money, they bypass the bit of your common sense that would normally tell you to check the sender and domain, etc. So it doesn’t stop you getting scammed 100%, because you won’t do it 100% of the time - when they catch you in an off moment and exploit your emotional response, you might neglect to do that because you’re panicking about your bill or whatever. So it’s good advice, but nobody should get a false sense of security about it.

They can still send email hijacking the proper domain because most registered domains don’t have DMARC set up properly. Even big companies like this.

(edit corrected to DMARC)

2 Likes

But don’t shops have “mystery shoppers”? Isn’t that equally deceptive?

i agree - they can have the training, send the emails even but to have disciplinary linked to it is a bit much.

I’d just stop opening any emails @hip_young_gunslinger :smiley:

yeah I’d probably have paid that no questions asked
actually I would probably have checked that the payment was made because i’m too broke to pay twice

I see the argument, it’s not exactly ideal, but if I fuck up for real I probably lose my job, if I fuck up this test thing my manager calls me an idiot and I do another course, and am less likely to do it for real.

1 Like

I had an insanely busy and stressful day yesterday and during a sit down I got called by O2 offering a discount on my phone bill.

My head wasn’t really there so I (confused but mostly just ground down by the day) went along with it until I realised that obviously this was not legit and when I realised I hung up and blocked the number, luckily didn’t get as far as giving any personal details but I suppose now they know I’m an O2 customer. Sigh

It’s not like you do it once and you’re fired.

I think if you do too many in a set period your manager is alerted and you have a chat and probably another training course. If you keep doing it then it progresses from there.

2 Likes

I think there are ways to do this that are fucked up, but I don’t have an issue with the principle of testing people at important parts of their job. Cashiers get test purchases to check they aren’t at risk of selling booze to children, office workers get fake phishing emails to check they aren’t at risk of getting hacked. Do the training, yes, but how do you measure if the training is doing what you want it to? Just sit back and wait to see if someone gets phished for real?

2 Likes

I think also you can do the training etc and still get tripped up/complacent - it’s so easy to automatically try and rationalise a random email rather than assuming that something boring and random is dodgy. It’s not a nice feeling when you slip up to a test phish email but it’s wayyy more effective than any course/training alone could ever be imo (they tend to make it so on the nose and obvious that you think it will never happen to you when in reality it’s often boring emails)

1 Like

One of my former colleagues had her savings taken. It was over £30k. Very smart person, just got caught out. Think it was one of them where they rang the landline about an IP fault, and they had loads of her details, so it was definitely targeted.

She got the money back.

Think they just randomly call numbers starting with the carrier’s default numbers and hope that people haven’t ported their number.
I get loads of fake o2 calls

I work for a bank and quite a few customers have lost loads of money recently after getting tricked by fraudsters into adding their card details to the fraudster’s Apple Pay. If you get any random prompts or calls from your “bank” asking you to add your card to a new device, don’t do it!

flag everything

:black_flag:

4 Likes

Never thought about doing this, that’s a good idea because I’ve had this situation before

and have wondered what can be done about it. A couple of times I’ve refused to give my details as harru has described, and the person on the other end got annoyed with me for doing so, which was confirmation to me that it was definitely a scam. I was quite surprised and very disappointed when I later learned that it was a legitimate call.

1 Like

Is this a common thing in all companies now? It’s been a thing in my current job and the one before, so over the last couple of years, but hadn’t encountered it before. We get them on average about once a month, but it’s not consistent in timing either. Most of them are pretty believable too.

One got me angry though, some new podcast the company were doing where Elon Musk was their first guest. I was ready to kick off about what a cunt he was when I reread the email and realised it was just a phishing test.

mine will decline the transaction, then send me a text saying with the details of the company and amount and say “did you just try to do this? reply yes or no” and then if i say yes they’ll unblock my card and tell me to try again, if it’s no then it’s “please call this number”. seems like a sensible system

1 Like