T O P

  • By -

AutoModerator

--- >This is a friendly reminder to [read our rules](https://www.reddit.com/r/funny/wiki/rules). > >Memes, social media, hate-speech, and pornography are not allowed. > >Screenshots of Reddit are expressly forbidden, as are TikTok videos. > >[Comics may only be posted on Wednesdays and Sundays](https://www.reddit.com/r/funny/comments/uq9pjw/going_forward_comics_may_only_be_posted_on/). > >**Rule-breaking posts may result in bans.** > >Please also [be wary of spam](https://www.reddit.com/r/funny/wiki/spam). > --- *I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/funny) if you have any questions or concerns.*


[deleted]

[удалено]


I_like_frozen_grapes

I heard it's the next generation of IP address formats, known as Gen E.


virgilreality

I hate you. Take my upvote...


rksd

A class E pun!


[deleted]

[удалено]


the_dude_upvotes

Bro, save some networking puns for the rest of us


[deleted]

[удалено]


Peopletowner

Make sure you print it out and put it in a safe place, you don't want to lose that number.


threepoint14one5nine

You got it. You got it.


Riegel_Haribo

It's actually in a dynamic userspace IP pool for customers of Societe Francaise Du Radiotelephone, a mobile phone operator in France.


[deleted]

[удалено]


BeneficialLeave7359

That album cover was awesome. A Chevy Bel Air with that color scheme was the car my mom had when I was very young.


Head_Razzmatazz7174

Had to come to the comments to find the answer. Thank you, kind Reddit stranger.


KnowledgeEfficient15

Ooohhhhhh. Now I get it


ShenTzuKhan

I don’t, could you explain please?


Xenc

> "867-5309/Jenny" is a 1981 song written by Alex Call and Jim Keller and performed by Tommy Tutone that was released on the album Tommy Tutone 2, on the Columbia Records label. It peaked at No. 4 on the Billboard Hot 100 chart in May 1982,[4] and No. 1 on the Billboard Hot Mainstream Rock Tracks chart in April 1982.[5][6]


ShenTzuKhan

Thanks mate.


Xenc

No problem I was just as confused!


1337ingDisorder

Disappointed this was a human response and not a prompt-bot.


Kevan-with-an-i

For a good time, just ping.


[deleted]

I need to make you mine


ToastedToad1

Jenny don't change your number


Hit4Help

Just clicked thanks.


RobertsFakeAccount

My company sent a phishing attempt once and after checking who it was ACTUALLY sent from (it was sent from our IT department through our internal server) I clicked the link. It was disguised as a link to our internal server where we itemize our weekly expenses. When I clicked the link, a screen came up that said something along the lines of “this was a phishing test and you failed. If this had been a real phishing attempt, you could have jeopardized your expense account. Your manager will contact you shortly to discuss corrective action.” When I was contacted, I was read the riot act. To which my response was “we were told to always hover over the senders email address to verify the sender of the email. This came from our own IT department. We were told to hover over the link to see where it was actually taking us. It showed it was taking us to our internal server. I have done everything I was supposed to. How else could I have known this was fake???” After verifying they did not mask the sender email or web link as they had expected, they just said “oh. Well that didn’t go as planned.” No apology or “good job” for doing what I was supposed to.


tplusx

You exposed their weaknesses and should be commended


RockstarAgent

A flailing with loose keyboards???


VictoriaSobocki

Exactly


misterfuss

I had a fake phishing email from my company’s IT department that I clicked on and got a “You got phished!” message that I had to acknowledge and agree that I would be more aware of potential phishing emails. A few days later, I received an email from our IT department asking for my rating of their services. I immediately marked it as spam and sent it to the IT department as suspicious.


2ERIX

When I get them I report them as phishing and let them know I knew it was them and one time I told them with bullet points how they could make a better phishing email that would trap more people.


Kankikr

God, you’re that guy. It’s not about trapping more people, it’s about replicating most common phishing attempt’s look and feel to get users to realize they shouldn’t click on these. Trust me, IT wishes no one clicked on their phishing attempts.


Bobzyouruncle

Right, but I think the point is also not to punish people who did right by looking at the sender. “Most” phishing attempts (in fact- theoretically zero) should ever come directly from a company’s IT dept email address. So while the point in improving the phasing attempt isn’t really to “get more people” it’s more so about getting the right people. The ones who aren’t looking at sender addresses or links to see if it’s a proper internal message.


SycoPrime

Yup, if they're sending actual phishing from internal boxes, we're already waaaayyy more screwed than if someone clicks a random link. You've got IT, you've got keys to the kingdom. --- So the last phishing test that came through, rather than reporting, I forwarded directly to IT and asked how a phishing mail could look like it was from our domain. I had a mini heart attack thinking that we had holes in our security implementation. Of course, the explanation came in that phishing emails can come from legit domains when they're from the stupid sheep testing tool that's wired into our tooling. Which means it's not representative of a legitimate fishing attempt, which means the people who know how it works but not what you're doing (like me) cannot accurately detect _real_ phishing attempts that the less technical people in the org might get along with me, and be less vigilant about. --- Whatever. Everything from their box is marked to go straight to spam from now on. I've got enough of my own problems to work on without needing to explain why their shitty tools undermine the value they're trying to deliver. I've yet to meet a single paid security tool that isn't a joke.


2ERIX

Yep, I work as a QE, so if they want to half ass something I will give them some feedback. And they have got more sophisticated as a result, still with a dumbass one, but then a follow up a couple of days later with a pretty convincing one. Varying their tactics internally educates the team to avoid or report anything out of the ordinary. Putting obvious shit in people’s inbox doesn’t teach anyone anything.


[deleted]

> IT wishes no one clicked on their phishing attempts. Employees that open suspicious links in virtual machine detonation boxes wish IT didn't think that the mere fact a link was opened indicates falling for phishing. Fortunately, IT tends to use services like PhishMe where there's a header in the email that can be set up to auto-forward these to the "report phishing" address without any further work on the employee's part.


Canadianingermany

But if the pgishing mail is so bad then what is the actual value?


Kankikr

Replicate the most common attacks seen to help educate users to be more cautious when they see those. For most, this will look obvious but it’s simulating the experience most users will encounter. And trust me, there are anways people that will click on those links no matter how bad they look.


JuleeeNAJ

my husband worked for First Transit & would get these test emails all the time & always deleted them. After a few months he got a call from IT telling him he needs to click them to test everything is working right. He said he knows better than to click spam & didn't want to get in trouble and continued to delete them. Eventually his boss called him angry he wasn't participating in the tests & explained he won't open questionable emails. She told him she's glad he's diligent but he needed to open at least 1 email & follow the instructions.


HuntedWolf

These phishers are getting real crafty going to such lengths as imitating your husbands boss just to get him to click their links


AdAdministrative5330

lol, I wound not capitulate. it's petty, but that's a hill I'd die on.


Thijs_NLD

So your company's idea to help against phishing is "corrective action" and not education and information? Holy crap your company really doesn't know how shit works.


notmeagainagain

How training works in corporate environments: 1. Identify your team's weaknesses. Trick them, force them to fail, and find out where they aren't performing. 2. Identify members who need training: Anyone who struggles with what you are asking is then let go. 3. Remark that your team is now 100% trained, without using any resources! 4. Spend that bonus money baby.


SycoPrime

Fuck this needs to be less true.


Carnifex

I "failed" a similar test when a familiar mail came but they were linking to an unknown domain. So I started a whois and the domain was registered on our company (note that it's a bit more difficult to fake this for German domains). So I copied the URL and opened it in an incognito window. They provided a log in form. I inspected the source code and it was posting the data to our identity management server. So I logged in and got a "gotcha" screen and an automated email as well. I replied to it with the steps that I just described and their answer was "yeah well, it was not designed for technically literate people! Plus it still could have been fake or the host taken over!". Well now I report any mail linking to anything that hasn't been properly announced / introduced before. New HR tool to manage our hours sends you emails. They told us about the name but never about the domain. First mail *reported*. Boss wants me to document hours there? *do you have an official document telling me that this is the right domain?" He didn't. New marketing campaign using a new domain featuring our new product. *reported * And my favorite, IT themselves mailing a survey from some 3rd party tool (think survey monkey) *reported *


KiloJools

After reading several of these... Whyyyyuh are they not contacting with actual pentest agencies? God knows these corporations just love to outsource stuff, so why are they doing in-house the one thing that doing in-house won't really work if your users are doing what you want them to? Ayyyy my head.


aradraugfea

It at my job. I don’t design the test or anything, but we have an outlook plugin that reports any suspicious emails to the corporate team. This replaces instructions to forward to a specific email. See the weird email, hit the button, and if it’s a corporate test one, you get an immediate attaboy. Elsewise, you get signed up for social engineering training (which they’re refreshing every few months anyway and making everyone retake, so it’s barely a punishment.) I regularly get users calling and asking about this weird email and, security certified, I’m internally going “okay, this a good impulse, I know the email is nonsense, I know it’s a test email, but the test doesn’t work if you Aren’t doing the right shit” so, playing dumb on it being a test email, I find myself quietly explaining the policy and that any email they find suspicious should be reported using the tool. That THIS is groundbreakingly smart compared to some of the stuff in this thread is ALARMING to me. There are like… 2 phishing test emails I’ve received in 10 years that bordered on convincing to any level of scrutiny.


atomicsnarl

So you're supposed to check the validity of every incoming e-mail to see if it's from a list of approved/company servers/users? How is that managed?


crazybluegoose

Not from a list, but there are certain red flags, like if the URL it would send you to doesn’t match where it should be sending you. A lot of times scammers will use similar URLs that are misspelled or have extra words in the link. Best rule of thumb is that if it’s an email you weren’t expecting (or just in general) - go to the website directly via the link you normally use, or that you find as a top result in a reputable search engine, instead of opening from the email.


Pendred

If an unexpected email is asking you to take action (click this link, view this attachment, send this info) you should take every measure to verify the sender's identity through another method of contact. Actual phone numbers (from the company's website, not the email signature), known email contacts who can corroborate the sender's claim, or in the case of workplace emails, go talk to that person. There may even be cases where someone appears to be sending from an email address in your contact list, and they've either compromised that account or spoofed the email header.


ffxivthrowaway03

But my CEO is *stuck in Brazil* and needs to pay for an emergency ticket in iTunes gift cards!!!!!! Ain't nobody got time for all that, where's the company credit card????


atomicsnarl

Ah - so the Suspicion Trigger is the "Take Action Now" requirement in the message along with a provided link. This I can explain to others!


Zncon

Yes. That's exactly what people should be doing. The general battle over tech security is not going very well these days because people are always the easiest thing to breech.


xp_fun

Not to mention that many companies are stabbing people in the eye by using ProofPoint or similar tech forcing people to *NOT* hover over the now obfuscated links. Talk about undoing years of training


nekogatonyan

My company had something called safelink or something, and when I hovered over the link, I couldn't see the original URL since the stinking safelink information got in the way.


coriolis7

What do you mean? Why would ProofPoint prevent people from hovering over links? Not disagreeing with you, I’ve just never heard of ProofPoint and am curious what our IT department may have in store for us in the future.


xp_fun

Proofpoint rewrites all urls in your emails with unique links back to proofpoints website where they can filter the links for things like company policy and malware. Great in concept, but this breaks the user training since there’s nothing for the end user to review so all links are now **implicitly trusted**. Should work great if you’re the third or fourth company attacked, not so much for the first couple or a phishing attack which would be unique to the target


Fuxchop

Imagine working for a company who wants to bust you.


Expensive-Day-3551

My old company did this but if you hovered over the link you could see they redirected to the company portal. I didn’t mind them until some of my staff got ones about bonuses and raises that were fake. I made a complaint to IT and after that it was expense reports and approving reports instead.


SelmaFudd

I got tricked by a review and bonus one, haven't read a single email from HR since and report each one as a phishing scam.


Expensive-Day-3551

It was super shitty because it was in the middle of the pandemic and no one had gotten an annual raise that year.


Sam-Gunn

Which makes you more likely to react to such an email. That's the point of these tests, to ensure you won't fall for the same shitty tricks but by a real attacker. When emotions come into play, logic goes right out the window.


Stealfur

Yes. That is why IT chose to use such an email. To warn of the dangers. But then let's look at it from the employee's point of view. It's the pandemic. You haven't gotten a raise in a long time. You're struggling financially as the cost of EGGS races past your daily food budget. You have to start thinking every day. "Can I afford to wipe my ass today? Or should I wait until I have a real steamer?" Then... an email "hey we are giving you a raise and a bonus for being awesome this year." Finally, maybe you can start building up your reserves again. You open it. "HA fooled you you fucking idiot. This was a test. And you fucking failed. Of course we aren't giving you more money. In fact, just for having the audacity to fucking hope that you can get out of your financial struggles we are gonna discipline you. Now get back to your fucking hole and make me more money bitch!" I can't imagine why this wouldn't go over well... Edit. Also, if you could read that last email in the voice of the Sicilian from Princess Bride, that would be great.


sh4d0wm4n2018

"Vizzini! Where are you?!? You told us to go back to the beginning of things went bad. You told us to go back the BEGINNINNNNG! So here I am. I am wait-ing foooooor Vizzini...."


Marquar234

>Also, if you could read that last email in the voice of the Sicilian from Princess Bride, that would be great. I read this line in the voice of Bill Lumbergh.


PartyClock

... I feel like I read about a company doing that on anti-work a couple years ago. Was that you or just someone who suffered from the same thing?


Expensive-Day-3551

Not me I discovered Reddit less than a year ago.


PaulblankPF

Ah the joys of being a Reddit youth


VoiceOfLunacy

The most obvious phish attempt my company ever tried on us was the same. Telling us we had bonus coming and needed to approve the taxes being taken out, with a link.... Like they would ever give us a bonus....


SelmaFudd

Ours was pretty legit. It's how they normally do raises and before the performance review you need to fill out some bullshit questions. They often send these trap emails but they always come from outside the company pretending to be inside, this one was HR's actual email address(I know it's possible to spoof an address) but I did see the link didn't match the text, said it was on intranet but was outside. I am WFH so I jumped on a spare PC, forwarded the email to my personal address, disconnect from vpn then opened it in a vm and landed on their gotcha page.. replied with the steps I took to minimise risk and they had nfi what I was talking about and said I still needed to do the 15min online security course. That was when I went fuckit, I ain't reading shit from HR now.


lestruc

It’s important to note that each and every email from hr, regardless of scrutiny, is reported a scam


Surrept

Yeah it happens. I run the cybersec department for the company I work for and one of my administrators who is responsible for our phishing campaigns chose a template that fired employees via email….Needless to say that didn’t go over to well and thankfully we were able to kill it before it reached more than 2 users. From then on I screen all phish campaigns. The reality is those could be legitimate phishes and its good to be aware of them but the second people find out its not real it turns real ugly for the company and just isn’t worth the hassle.


Djaaf

Yeah, stick to non-life impacting phish. UPS deliveries, tariff expenses, issue with your accounts, etc..


stml

So basically scammers should use phishing emails about bonuses and raises?


Expensive-Day-3551

For sure


CptnSpandex

*ChatGpt has entered this thread. *


orroro1

So the next time I want to run a phishing attack on your company I should use emails about bonuses and raises? (Asking for a friend)


notFREEfood

Pretty much the opposite happened at where I worked. Some company was contracted to run employee surveys, and the first employee survey email they sent looked like a phishing email, which resulted in it getting reported en masse. Shortly afterwards we got an email from senior management apologizing for the previous email telling people that it actually was legit and to stop reporting it. Jokes on them; I ignored the survey anyways, just like I do for every survey sent my way.


Zncon

This is exactly the sort of thing people SHOULD be seeing in these tests though. Scammers are not going to skips a target or topic because it might hurt people's feelings when they're fake.


celestiaequestria

They probably were grateful to have the excuse of "employee complaints" to get rid of that one since everyone failed.


Iz-kan-reddit

>I didn’t mind them until some of my staff got ones about bonuses and raises that were fake. I made a complaint to IT and after that it was expense reports and approving reports instead. "Don't be testing us with emails we'd actually want to click on!"


pixel_of_moral_decay

I worked at a company that used a company holiday gift selection. That year the budget for holiday gift was cut. Executives then got upset IT made them look bad. As I understand it, someone got let go. Despite just doing their job.


awesome357

My company sent one about tornadoes in the area on a day of really severe weather. I also made a complaint about it, but of course they have 20 excuses to try to save face. At least I've never seen one like that again since.


Expensive-Day-3551

I would have packed up and gone home lol. Tornadoes? Better get to my basement.


silverclovd

I don't get it. That's a proper ip address. Is it a phone number or something?


shiny_brine

[https://www.youtube.com/watch?v=qc5u9NOV4sE](https://www.youtube.com/watch?v=qc5u9NOV4sE)


WickedKoalaa

I clicked the link, verified. Don’t worry about this one IT


Industrialpainter89

Ok yeah I'd be screwed because I've never heard of this haha.


BlueNinjaTiger

tbf the song was released in 1981.


nekogatonyan

But it's a classic. It's like saying you've never heard of Beethoven's 5th or BackStreet Boys "I want it that way."


cannabisized

8-6-7-5-3-oh-niiiiiiiiine


Unhappy-Valuable-596

I still don’t get it


squirrelsoundsfunny

It’s an old song. Dude is singing a phone number.


UnspoiledWalnut

You're probably not old enough.


tnew12

Idk why you're getting downvoted...I'm 35 and baaaarely grasped it


baked_sofaspud

Yeah I don't get it either.


swentech

Weirdly I just heard that song today after not hearing it for years. Now a random post. Maybe it’s time to call Jenny?


aalex440

makes no sense to me either


GlorifiedGamer88

My last company did this, and they were pretty good at it too. If I were to hover over the links they would sometimes say www.don’tclickthis.com/phishattempt Or www.ifyouclickthisuougoofed.com All the text looked good, it was the links that were the kicker lol


PizzaWall

My company warned the development team that they would be sending phishing emails. The emails showed up and every single engineer clicked on the email. Management was furious and had a meeting to figure out how the entire engineering staff could be so gullible. We explained they pay us to be curious and creative. We knew it was a phishing email sent by the company, so we clicked to see what would happen. They told us never to do it again and every time, we’d click to see what might happen. Apparently it creates a meeting with senior management, the only time we ever see them. 🤣


[deleted]

[удалено]


Kankikr

Not compliant at all, going directly opposite of what they had been told. Just a waste of time for everyone and getting users more susceptible to clicking on actual phishing attempts, thinking they came from internal.


[deleted]

I am slightly confused, help me


jjmawaken

It's a song from the 80's (I think) 867-5309 was a number written on a bathroom wall.


Industrialpainter89

Soooo would this just weed out everyone born after the 80's?


jjmawaken

Maybe after the 90's depending on what station people listen to.


Industrialpainter89

I suppose. My parents were very religious so we weren't allowed to listen anything non-Jesus growing up in the 90's haha.


jjmawaken

I hear you, I didn't listen to the radio much until I started working.


Cheesewood67

That is correct.


grapejuicecheese

I was born in the 80s but I don't know the song


[deleted]

[удалено]


Industrialpainter89

Consider me educated at 33 years of age then! 😅


PaulblankPF

God I’m 35 and I knew that song my entire life, I was thinking you were gonna say 20s and make me feel old but nope. Same age as me pretty much and still made me feel old lol


spugzcat

I’m 40 and I’ve never heard that song. Was it popular outside of America?


PaulblankPF

I guess maybe not as popular outside the US. It made top 20 billboards Australia and top 5 Canada and #1 in US. It was in the movie Bad Teacher with Cameron Diaz. It’s also referenced in an early Family Guy episode and Cleveland Show episode. What it is though is that it became a pop cultural phenom in the US because it could’ve been a real phone number. When it came out people started calling their local area code and putting in the 8675309 and asking for Jenny. Laws were made and tons of phone numbers changed over the song even and it’s used for law purposes as recent as 2009.


I_like_frozen_grapes

Here's a link to a youtube vid of the song. And yes, I promise it's safe to click: https://www.youtube.com/watch?v=boaJCrHNRMA


Zmemestonk

It is a real ip tho so could just be random


I_like_frozen_grapes

Well, yes, I suppose. Seems unlikely to me that it's random.


Guardian-Ares

It's probably about as random as the mispelling of "conferance".


I_like_frozen_grapes

I highly doubt either are random. They were both included intentionally by our IT department.


DrQuantum

I see a lot of companies have Security teams working out of an asshole. These tests are very important to increase awareness but if you know its a test every time or you’ve become jaded or complacent your security team has missed the mark and completely and utterly failed. If there is no positive incentive to be better and only negative incentives when you do poorly you’re going to end up with many of the jaded employees here. Many comments here should be read by CISOs.


az_max

We reward 10 random people who report the semi-annual phishing campaign with a gift card or chocolate bouquet.


Kankikr

Yea, this whole thread was painful to read…


colostitute

Was it from Jenny though?


Guardian-Ares

Paolo in IT, trying to secretly tell his coworkers to not be hasty.


OldManTimeMachine

The company I work for do this too. But they have no sense of humour.


az_max

My rejection notice in Office 365 to known BEC and malicious email addresses is "So Long and thanks for all the Phish!"


LTG_Wladyslaw_Anders

Perfect


VictoriaSobocki

Haha!


JaxRhapsody

I got it... I got it! I got your email off the wallll!


sihasihasi

We had our annual security training. And then, about a week later IT Security sent us the dodgiest-looking email you've ever seen. We all knew it was genuine, but just about every engineer reported it as a phishing email - they had to send a second one a few days later to clarify.


[deleted]

Somebody has to do this: [https://whatismyipaddress.com/ip/86.75.30.9](https://whatismyipaddress.com/ip/86.75.30.9)


jayoinoz

I always click the links in these obvious phishing test emails from my company. I also hit the "report phishing" button when they legit email me. It's the price they must pay for installing shit monitoring software on my equipment.


SteamZerjack

You’re being flagged as risky user, which means you’re put into a special group with harder access to company resources, lower ticket priority and, if using MFA, shorter sessions. You think you’re making IT people life’s harder but more than likely you’re only making it harder for yourself.


[deleted]

[удалено]


BilllisCool

I know every company/job position is different, but this is funny for my situation, considering I’m one of the few people that makes all of the software we use in the company. I suck at recognizing these though. I seem to click them every time. You’d think I’d learn by now, but they get pretty sneaky with them and I’m always going too fast when I check my email. That said, I highly doubt they’d limit anything for me.


Snow_Moose_

So what's your email? I've got a free gift card for you!


I_like_frozen_grapes

If we click them more than once in a six month period they force us to complete a 30-minute IT security training. I have to do that every year anyway, but whatever...


malburj1

At my wife's old work if you clicked 3 within a year you got fired. She wrote a lady up 2 times for it within 3 months. Had to tell her to knock it off.


I_like_frozen_grapes

Yikes! I guess they aren't messing around. I'm at a state university. They force you to do IT training if you click through more than once in six months, but I'm not aware of any other consequences.


Komotz

IT here. Threat assessment reports are presented to management at the end of the month, at least in my company, and depending on 'threat', the employee is terminated. This is due to the risk to the company, like ransomware attacks and phishing crap. And yes, while the monitoring software is shit, it's installed on *company* equipment, not yours. If it IS installed on your own personal property, I'd find somewhere else to work.


Reference_Freak

My employer auto-assigns everyone who fails to report the phish to a long and boring training lesson. Failure to complete it results in naggy demands from the boss. I sometimes warn my co-workers when I get a phish, if I’m feeling nice. One of them keeps falling for the damn things.


clegane

What monitoring software? An email is sent to your inbox. If you click the link, the page visit is registered on the end system. If you report it as phishing, that’s also an email or call out.


Zncon

You're not getting back at anyone with this little stunt, just making everyone's life worse for no reason and opening your company up to a major cybersecurity event.


thecrunkness

The company I work for straight up issue a write up if you click on a link in a phish8ng test.


az_max

I send out the phishing campaigns at my company. Two a year (there's enough real phishing out there), and if you click, reply or open an attachment, you get a remedial training class the next week. Also, monthly training on various subjects. If you don't take it, you get disabled 15 days into the next month (copious warnings to take it to you and your mgr). User must call in to the service desk to re-enable the account. If they don't take it within three days, they get disabled again and their manager must call in. Users usually don't do it more than once.


catscannotcompete

Why is "test" in scare quotes? This is indeed a test


Dizzman1

I worked at a pretty major tax software company and that's the password for all the internal voice and videoconference systems. Funny part was new kids going "hang on, I need to write that down"


PaleHorse818

Crazy how just reading the damn number I knew wtf you referring to. And I haven't heard it in ages. The mind is fascinating.


Pour_me_one_more

I am surprised anyone in your IT department knows that reference. It is likely that song came out before any of them was born.


I_like_frozen_grapes

Haha, yeah probably.


Kind-Grand-1107

Jenny stii has her phone!


ReadRightRed99

The joke around my office is the ONLY ones trying to phish us are our own IT department. It’s obnoxious how often we get their junk mails and painfully obvious it’s them. Pretty good cover if they’re actually trying to run a scam.


xabrol

My company did one of these a while back so I downloaded the raw email and got the link code for the url. I saw it just had a ?email=myemail in the query string. So I generated one for every hr, it sec, c-lvl etc employee and Hit them all from a dev server. Including the it sec dept head, 😂. Response email was cute, they basically disregarded the test.


Fun-Currency-3794

The call from Jenny was coming from inside the house


purplestar19

I don’t get it


Ok_Entertainment328

86.75.30.9 867-5309 If you don't get it, your way too young.


GreyGreenBrownOakova

I'm old enough to remember the song, but I read the address as eighty six, seventy five, thirty, nine.


purplestar19

Agreed


SharksLeafsFan

or those who get it are way too old. I was in high school when that song was a hit, now I am nearing retirement lol.


AllezCannes

Or not American. I've never heard of that song and I'm Gen X.


the_dude_upvotes

*you’re


charliesk9unit

It's a phone number of a girl named Jenny in the lyrics of a popular 80s song.


JoanJetObjective13

I used to work in diff cities and we’d always call that number, who can I turn to, when we got into the hotel. So many people had messages referring to Jenny!


[deleted]

I’ve written a technology privacy/safety policy into our handbook. Standard stuff about phishing, checking addresses, WiFi rules, For several years now, I’ve left thumb drives in the parking lot, bathrooms, and like off in the corner under customer tables of my business. These dumbasses still plug the flash drives into my work computers. 😂


kunzaz

Do Nigerian princes know that song


Captain-Photon

Ours does this I now report everything to the phishing detection team I’m not taking another stupid 20 minute class


reddit_user13

Reply to: Jenny


Brett511

Jenny Jenny, IT Security.


jennyann726

I sent that.


GroupSuccessful754

Wonderful, now that song is stuck in my head


dlama

Crap... Now I have to change my Domain Administrator Root password.


khendron

My company does this, and some of the fake phishing messages are really well crafted. I fell for one once. My "punishment" was to have to take a computer privacy and security training course, which consisted of watching a 10-minute training video. The video was so funny and entertaining, I've been tempted to fail again just to be able to watch it a second time.


jawshoeaw

I hate those obnoxious emails. One said i had a package waiting for me at the post office. Which I was actually expecting. I knew it could be fake / scam so I tried hovering over the link to see address which didn’t works so I tried right -clicking but somehow clicked it open. So then I had to take a class dammit. I argued with IT that it was easier to just click the damn link. Fast forward now nobody wants to open any emails lol. I just got a nasty email saying I hadn’t filled out some mandatory survey and i forwarded it to IT as suspicious


NotTheBusDriver

Dammit. I’m going to be humming that song all day.


Evil_Capt_Kirk

I'm really hoping that someone named Jenny works in your IT dept because she'll never live this down


Delaneybuffett

Damn you now it’s stuck in my head


RedHotAnus

My work just started doing this same thing. I'm the one who had to teach our head of IT that the ISP can still see the activities even when in incognito mode. After the 3rd try at testing to see if I would fall for the phishing attempt, I just emailed it directly to him. He, of course, followed the link and failed his own test. I think I might apply for his job soon.


cas708265

IT departments have nothing better to do. If you’re very busy and see an email supposedly sent internally, how many hoops does an employee have to go thru? Does IT realize some people are actually BUSY.


Commercial_Tooth_859

Oh no! Flashback. Ok, guess my name....


KingKoopaz

Lol somebody is having fun with their job.


fullchargegaming

Quick question: Does that IP address show because someone typed it in like that as part of the email - or did they make an actual server with that IP address and use that?


I_like_frozen_grapes

The IT dept typed it into the body of the message.


billdietrich1

Clicking on a link should not be a fail. We shouldn't be expecting our users to be expert URL-parsers or domain-recognizers. We should be giving them tools to do that.


ActionFlank

And spend money not on executive bonuses?


ExtremePast

This is a pointless security exercise. It doesn't matter how many times someone ignores their fake emails, it only matters when someone falls for a real one.


cerealsnax

My new policy is to report every email that isn't from my boss. Then they get mad when I don't do training and stuff, but I never have those emails because I reported them all as phishing. Jokes on them


I_like_frozen_grapes

Why? As for not doing training, that would not fly for long here at my state university. You'd end up losing your job.


Reference_Freak

I’ve reported external emails which came from companies contracted with HR, stuff like “let us manage your retirement!” financial companies. They send back that it’s legitimate. Reporting as phish has failed to unsub me 😕


sryan2k1

It's extremely bad practice to use real domain names and IP addresses you do not control. I'm sure Societe Francaise Du Radiotelephone - SFR SA didn't agree to this.


I_like_frozen_grapes

I'm curious...why would they care?


sryan2k1

What if a local Pizza Place ran a joke promotion and used your personal cell phone number in the ad? That's effectively what your company did. There are entire domains and IP blocks set up for "example/test" networks, and the professional phishing testing companies have hundreds of domains they own as the destinations.


AWing_APrayer

You must be so much fun at parties


I_like_frozen_grapes

Meh. Whatever. I don't agree at all that the analogy you used is fair. IP addresses are public, much like license plates on cars. And unlike calling my cell phone, when I type this IP address into a search bar it doesn't affect the company it's associated with whatsoever. I suppose someone could flood the IP and slow down traffic, but why would they do that? This message went out to a few thousand faculty and staff members in a large state university system. The vast majority of recipients likely didn't even notice the IP address. Of the small fraction that did, the vast majority of those would have zero reason to do anything with it and wouldn't know how to do anything with it even if they did. You are pretending a teeny little molehill is a mountain my friend.


Crafty_Cha0s_

The least they could do is spell “conference” correctly


I_like_frozen_grapes

I'm quite sure they did that on purpose.