OK I can't deal with this user anymore.

This morning I get a text. "My laptop isn't getting emails anymore I'm not sure if this is why?" And attached is a screenshot of an email purporting to be from "The <company name> Team". Which isn't even close to the sort of language our small business uses in emails. This email says that his O365 password will soon be expiring and he needs to download the attached (.htm) file so he can keep his password. Never mind the fact that the grammar is awful, the "from" address is cheesy and our O365 passwords don't expire. He went ahead and, in his words, "Tried several of his passwords but none of them worked." This is the second time in less than a year that he's done this and I thought we were very clear that these emails are never real, but I'll deal with that later.

I quickly log into the O365 admin portal and reset his password to a randomly-generated one. I set this to be permanent since this isn't actually a password he should ever be needing to type. I call him up and explain to him that it was a phishing email and he essentially just gave some random people his credentials so I needed to reset them. I then help him log into Outlook on his PC with the new password. Once he's in, he says "so how do I reset this temporary password?" I tell him that no, this is his permanent password now and he doesn't need to remember it because he shouldn't ever need to be typing it anyway. He says "No no no that won't work I can't remember this." (I smile and nod to myself at this point -- THAT'S THE IDEA). But I tell him when he is in the office we will store the password in a password manager in case he ever needs to get to it. Long pause follows. "Can't I just set it back to what it was so I can remember it?"

  • 14
    On the plus side, this incident *just so* tipped the scales for me to convince management we need to turn on 2FA. Just so. It was still embarrassingly close.
  • 6
    Well he's good at making it clear that you made the right choice!!!

    I've been managing some apps I made .... and the god damn users and their passwords and fuck guys. The amount of people who are sure their password is X and it never has been (because you never fucking finished registering) and so forth is killing me.

    That and "I didn't get the password reset email. Shit..."

    I'm creating a new system for these things called FUCK YOU HERE RESET YOUR PASSWORD <LINK> combined with NO THIS IS THE FUCKING SITE YOU USE IT ON that I can just send out at the sign of any trouble....

    I should have done that long ago but stupid me had faith in humans.
  • 4
    @N00bPancakes Let me know when that system goes live, I'll sign our company up for it!
  • 9
    The actual solution is to fire that employee.
    2FA doesn't magically make him immune to social engineering in general.
    He will keep being a huge risk for the company as anyone can just talk him into granting physical or electronic access to everything accessible to that employee.
  • 4
    @Oktokolo Oh I'm aware, I can only hope it'll make it harder for him to screw things up. I also have no intention of helping him save the password; if he ever needs it he can come to me for it. Honestly I'm surprised he hasn't been fired long ago. Nobody likes him, including the company owner. But unfortunately it's not my call. *shrugs*
  • 1
    Some people have jobs because of blackmail.

    Also his password he wants to use: 12345
  • 7
    In that case: Try to restrict his privileges as much as possible without making it look like mobbing. He probably has already executed greeting cards and opened fishy "invoices" which came in by email...
    Make sure that ransomware can't spread from his devices to the rest of the company.
  • 10
    @Demolishun It's almost that bad. Last time this happened, his password was a street address and then a "0" after it. He thought we could fix the problem by just making the "0" a "1" instead. Because the phishers definitely won't try THAT when his password stops working...