Yeah - they do same here. Better that they get tripped up by a test message than a real scammer
Always always always look at the sending email and most key the host domain of said email address. That should stop you from getting phished pretty much 100%
The problem is that when they get you to panic by thinking you owe money, they bypass the bit of your common sense that would normally tell you to check the sender and domain, etc. So it doesn't stop you getting scammed 100%, because you won't do it 100% of the time - when they catch you in an off moment and exploit your emotional response, you might neglect to do that because you're panicking about your bill or whatever. So it's good advice, but nobody should get a false sense of security about it.
They can still send email hijacking the proper domain because most registered domains don't have DMARC set up properly. Even big companies like this.
(edit corrected to DMARC)
But don't shops have "mystery shoppers"? Isn't that equally deceptive?
i agree - they can have the training, send the emails even but to have disciplinary linked to it is a bit much.
I'd just stop opening any emails @hip_young_gunslinger
yeah I'd probably have paid that no questions asked
actually I would probably have checked that the payment was made because i'm too broke to pay twice
I see the argument, it's not exactly ideal, but if I fuck up for real I probably lose my job, if I fuck up this test thing my manager calls me an idiot and I do another course, and am less likely to do it for real.
I had an insanely busy and stressful day yesterday and during a sit down I got called by O2 offering a discount on my phone bill.
My head wasn't really there so I (confused but mostly just ground down by the day) went along with it until I realised that obviously this was not legit and when I realised I hung up and blocked the number, luckily didn't get as far as giving any personal details but I suppose now they know I'm an O2 customer. Sigh
It's not like you do it once and you're fired.
I think if you do too many in a set period your manager is alerted and you have a chat and probably another training course. If you keep doing it then it progresses from there.
I think there are ways to do this that are fucked up, but I don't have an issue with the principle of testing people at important parts of their job. Cashiers get test purchases to check they aren't at risk of selling booze to children, office workers get fake phishing emails to check they aren't at risk of getting hacked. Do the training, yes, but how do you measure if the training is doing what you want it to? Just sit back and wait to see if someone gets phished for real?
I think also you can do the training etc and still get tripped up/complacent - it's so easy to automatically try and rationalise a random email rather than assuming that something boring and random is dodgy. It's not a nice feeling when you slip up to a test phish email but it's wayyy more effective than any course/training alone could ever be imo (they tend to make it so on the nose and obvious that you think it will never happen to you when in reality it's often boring emails)
One of my former colleagues had her savings taken. It was over £30k. Very smart person, just got caught out. Think it was one of them where they rang the landline about an IP fault, and they had loads of her details, so it was definitely targeted.
She got the money back.
Think they just randomly call numbers starting with the carrier's default numbers and hope that people haven't ported their number.
I get loads of fake o2 calls
I work for a bank and quite a few customers have lost loads of money recently after getting tricked by fraudsters into adding their card details to the fraudster's Apple Pay. If you get any random prompts or calls from your "bank" asking you to add your card to a new device, don't do it!
flag everything
Never thought about doing this, that's a good idea because I've had this situation before
and have wondered what can be done about it. A couple of times I've refused to give my details as harru has described, and the person on the other end got annoyed with me for doing so, which was confirmation to me that it was definitely a scam. I was quite surprised and very disappointed when I later learned that it was a legitimate call.
Is this a common thing in all companies now? It's been a thing in my current job and the one before, so over the last couple of years, but hadn't encountered it before. We get them on average about once a month, but it's not consistent in timing either. Most of them are pretty believable too.
One got me angry though, some new podcast the company were doing where Elon Musk was their first guest. I was ready to kick off about what a cunt he was when I reread the email and realised it was just a phishing test.
mine will decline the transaction, then send me a text saying with the details of the company and amount and say "did you just try to do this? reply yes or no" and then if i say yes they'll unblock my card and tell me to try again, if it's no then it's "please call this number". seems like a sensible system