85
Number0
7y

How do I un-idiot my users when it comes to clicking on dodgy email-links??

Got a forwarded email just there from a user who said;

Good afternoon,
Is the below ok to open?
I just tried but got a popup saying I've been blocked from opening it.
I'm not sure who it is coming from and I am not waiting on anything but as it says its from dropbox and is important, i know it's okay.
Can you unblock the link ASAP please?
This is really impeding my work-day as I need to know what it is and act accordingly.
Regards... user.

The Original email came from a random jumble of letters with a subject line of 'important dropbox program' - not only does it look dodgy but its english is horrible! It said;

"Hi tu my freind,

You tu still read a pending verrry important document sent by one of your own contact to be vieweddd.

Install "Highly Confidential english.pdf" by clickinggg here

*insert link leading to something called 'viral-update-trojan.exe'*"

I mean, seriously... help!!! 😢
We have sent emails explaining how to hover over links and to not to click them if it looks wrong.
No one does it.
We hired a company to send fake phishing emails to train users in what to do.
It made no difference!
We now make people 'verify' their email addresses when opening any sort of link to try get them to actually look at what they're opening.
We also strip emails of original attachments and create 'safe' html copies as we can't trust them to look at what they're opening.
Everyone complains about it but Jesus Christ, this is why!!!

Its so exhausting!! What is wrong with people!!! Argh!!! 😤

Comments
  • 13
    Forget it, they will never learn.

    And it would be really easy, just mistrust anything you don't know, and take a closer look on anything you mistrust. That is true for everything in life, not only online. But most people don't care.

    In the past I thought, humans would be intelligent. Today, looking around the world, I'm sure, the majority of humans are not.
  • 18
    awesome, betcha you could call your company and say "Hi Caren, here is the CEO, i've got an emergency could you wiretranfer 20 million Dollars to this account? Don't tell anyone. Thank you Caren for your compliance."
  • 16
    @heyheni actually, yes you could!
    One of our directors once replied to a scam mail 'from the bank' with the company bank details.
    Whoever it was then copied his email address and contacts, and mailed our accounts dept asking for a transfer to be done to some random account.

    Emails went back and forward for several days organising this. Only when an accounts guy was in the middle of a meeting with the director and received a mail from said director about it, did he think to ask if we thought something was wrong - he didn't think of asking the director himself first!!

    No one fact checks here and it's soul destroying!!
  • 5
    We are in the wrong side of things here...
  • 7
    Your users are idiots. ❤️❤️❤️❤️❤️
  • 5
    The general population are deadset fucking myopic idiots. It's unfortunately our job to be the shepherds of these sheep as our species evolves.
  • 7
    You could set up a fake network so that the users can click on bad links and fuck up their computer then make them sit through a fucking 3hr class on security. Once they are done just restore their computer from backup... Oh wait that would require way more money and effort than it's worth...
  • 14
    I strongly recommend a policy my cousins company uses: every windows based PC is connected via some sort of isolated VPN-like connection in a way it can share resources, but won't infect others. Every month there's a 15-minute meeting where the CTO reminds everyone not to open suspicious links on mails. When someone does it, there's a big show firing this person with immediate effect. It's literally a show. The boss yells, takes all the company's stuff used by employee and throws him out. And then he just takes a seat, takes a sip of coffee and with Angel-like voice says calmly 'aah, another tumour has been taken care of'
  • 3
    @waszqba that was basically what I was envisioning with my previous reply.
  • 7
    @ewpratten Would love to but the company we paid to send fake phishing emails locked the users PC for 5 mins and made them watch a video.
    People just called us complaining for the 5 minutes instead of watching it haha
  • 6
    Let natural selection do its work
  • 2
    @Number0 read and learn my dear padawan: http://bofh.bjash.com

    it will help you communicate with your users more pleasantly or at least make more fun 😉
  • 6
    Fire the worst 5% of your employees, then offer another round of training. The rest will start actually trying.
  • 4
  • 1
    @ewpratten i believe I started writing my comment before you've sent yours and have sent mine after yours
  • 2
Add Comment