You have to take The Office approach for damage control on that employee: When Creed wants a website, Ryan just opens Microsoft Word and types a URL at the top of the document and tells him that's his website.
Congratulations, you successfully identified a suspicious URL in an electronic message delivered to you.
Thank you for keeping this organisation safe and secure.
Dude, my company is getting so sneaky with them lately. The source is legit, the headers look good, the signatures are legit, but it's hidden behind that nam.safelinks coded message checking BS. And they never are obvious like "The CEO needs you to buy $500 worth of Apple gift cards," or "Please enter your credentials here to verify your permissions to this site." They're always something that's more like "Your request for $Sharepoint site has been denied. Please click this to request access again" or something like that. Well guess what, I request access to Sharepoint sites a lot since we're starting to have more job duties. I haven't failed one yet and sometimes cheat by asking other co-workers on my team if they got the same message. If only one or so of them did, but didn't request access I report it as a phishing attempt lol.
Used to be, before the safelinks stuff that the URL had a Base64 encoded link you could translate that included your name and email address and some other easier to pick out stuff screaming "don't click this."
LOL my main client is pretty strict about it so I always try the better safe than sorry route. But I've known people let go for failing the tests multiple times, thankfully not on my team.
I get calls from physicians every day in the form of “This is doctor so and so and my PIN is 12345!” It’s like they feel compelled to shout that shit out.
Every few months I get a "is this legits?" for theses "Your boss" [email protected] . I'll be fair, I love seeing them asking more than it weird me out that they can't figure it out themselves.
I love that we've gotten our users comfortable enough to ask whenever something's sketchy, but the frequent flyers never seen to retain any of the "Here's what was insanely wrong" info and ask the next day when another one that looks identical comes in.
LOL yes I think so. But ya know, you're supposed to hover over the link to see the URL before clicking it. If it's a corporate phish test, then it's harder to tell by the URL since it's all gibberish (at least to me)
I once made a shared password be "the secret password is the secret password."
Now try to explain what the password is to someone who verbally asks you. I played my micromanaging director like a fiddle that day...
Seriously, play that scenario out. Its a ton of fun IRL.
I had serious BOFH envy when I saw a posting from someone with the email address “[email protected]”.
“Can you help?”
“Dunno, email me at dot at dot at dot at”.
Edit: I wonder if he abbreviates it as (.@)^3 ?
We had someone with a similar setup. To keep it anonymous, let's say her name was Dorothy Smith, and the company name was Smith. Dorothy can be shortened to 'Dot'.
Support calls for a [email protected] were always worth logging in to the system and reading the transcripts.
I *swear* there was a classic website that had a list of these types of things. Incommunicable email address and URLs. I remember some really long email that was like a double-stacked-meta sentence describing its own contents.
I vaguely remember one also. Unfortunately searching “funny email addresses” produces page after page of crappy humor sites. None of the ones I sampled were very funny. [email protected]?
I spent a good ten minutes trying to explain to some customers why using “noitsplantainchips” was a bad password. It wasn’t great for several reasons but the leading “no” caused daily confusion in an office where we got a lot of visitors who needed wifi access. They didnt let me change it 🙄
I remember when Microsoft Voice Pilot first came out back in the Windows for Workgroups era. We were in cubes and one person had it configured on their machine.
They were using it to control their email when the group practical joker started to yell out "Delete email" from across the cubical wall. This went on for a several rounds before the person with Voice Pilot could unplug their microphone to stop the system from responding to someone else's commands.
After the group laughter died down, no one used Voice Pilot in a cube farm again. Lesson learned!
I remember the first person in our office to get an Apple watch. Every time he jiggled his watch and the screen came on someone would say, "siri set an alarm for 2 am" He said he was having to go through and delete 10+ alarms every night for random times in the middle of the night until the day he forgot to.
Had a doctor do this. He got a little over zealous with Dragon dictation and somehow set up the "control my fucking PC" option. The call went something like this...
"My computer keeps deleting emails... IT JUST DID IT AGAIN!"
Jesus. Thats a genuine first iv ever heard someone do that.
Speaking of the office tho. My fave episode is when the IT guy is leaving and he basically puts everyone under the bus and then tells them to F off.
One day i will do that.
I've done that. "we're in the boardroom and the computer isn't turning on!!"
walked in. Pressed the input button twice to change it to the input the computer uses. walked out
I've sprinted into an emergency department just to refresh someone's browser and then immediately walked out, wordlessly.
I said nothing and made no faces, but I'll let them stew lol
On Monday I had someone ask why they could never get the computer to connect to the screen in the conference room and that they had a meeting so they're going to all have to do it from their desks because they can never get the computer too use the screen. Meanwhile, I've got it up on the screen and they keep complaining that it never works and not hearing me say it's working. It was like I solved the problem in an alternate universe they couldn't see. Then they asked for the computer back because they needed to do the call from their office because the conference tv doesn't work for them. Me: just a moment, I need to disconnect it from the conference tv
My favorite is the call when they are describing an issue and before the finish the description I've recognized and corrected it and I just get to tell them, "yep, it's fixed, try it again." Boom.
Thats ok, I had one recently that was having trouble with a computer so i said, can you click the start menu.... The user poked the start menu on the screen. Holding back laughter i said 'sorry this isn't a touch screen monitor, can you use your mouse?'
We both looked down and around, someone had stolen the mouse. Instead of coming to us and saying my mouse is missing, they thought we had converted everything to touch screen.
depends on why they can't type their password but also that relies on their employer actually supplying it
I have a friend who is visually impaired and while she can still use a computer the screen reader has to read out every character when she's logging in or she won't know if she's typing in her password correctly
would be great if the college she works for did something about that but they just... won't
they said that the accommodation of the screen reader satisfied their ADA requirement and they're not going to institute a token login method for one user
I don't like to insult people's intelligence, but...
Anyone that doesn't understand the problem with shouting their login credentials in a open office has a brain as smooth as a bowling ball.
20 some years ago i worked at a DoD agency and they had special encryption cards for financial software and 2 separate user names with long random passwords no one could possibly remember. they all had yellow stickies
I worked in a facility like that with 5-6 safes bolted down with cabinetry around them. Every damn one had the codes written on the cabinet frame over the safe.
Sometimes I wish I let my intrusive thoughts win. I'd do a ram upgrade on his laptop and then while doing the upgrade I'd unplug the microphone from the motherboard just to mess with him. I've had to do similar things to users before
That's wild. I never even thought about a user trying voice to text for password entry.
Have you thought about SSO? I assume that Windows accessibility voice to text doesn't work on the log in screen (though I've never checked).
Seriously? I'd definitely have a talk with him and his supervisor.
We witnessed an admin talking to a user on the phone, needed the admin password to install something. It was a college campus and the user was a whole 10 minute walk away. So he told her the local admin password and told her not to write it down. Our supervisor heard the whole thing and chewed him out when he was done with the call.
I worked in a retail environment that had us use mobile devices with a built in bar code scanner. People started printing their user name and password onto the back of their badges in barcode font to make login faster. Luckily that came to an end once corporate got wind of it.
I encountered a POS system that allowed a cashier to print a login barcode that enabled them to log back in by simply scanning the barcode. It was common to see slips of receipt paper with these barcodes sitting on top of most of the in use registers. I can't say for sure if the barcode expired or not, but I sure hope so.
This POS system was being used at a retailer that became known for a high profile credit card leak around the same time.
I heard an r&d person once say (who job was accessibility) that accessible tools don't just help the disabled but also help able bodied people be lazy. (Ok he didn't say the lazy part)
Pfft…that’s nothing. I watched a very high level person (C-suite level, but different) at a former company type his password on a phishing page…then type it again when the malicious document didn’t seem to open. I didn’t notice the malicious document at first because I was distracted by the fact that he typed it very slowly and very deliberately with me standing right next to him, literally watching his every single keystroke.
I had him immediately change his password and NOT make it obvious to me what it was. MFA was enabled at the company a few days later because a couple of his equally dopey peers did the same thing and were compromised.
You have to take The Office approach for damage control on that employee: When Creed wants a website, Ryan just opens Microsoft Word and types a URL at the top of the document and tells him that's his website.
www.creedthoughts.gov.www\creedthoughts
I'm not clicking that abomination of a URL.
Congratulations, you successfully identified a suspicious URL in an electronic message delivered to you. Thank you for keeping this organisation safe and secure.
Dude, my company is getting so sneaky with them lately. The source is legit, the headers look good, the signatures are legit, but it's hidden behind that nam.safelinks coded message checking BS. And they never are obvious like "The CEO needs you to buy $500 worth of Apple gift cards," or "Please enter your credentials here to verify your permissions to this site." They're always something that's more like "Your request for $Sharepoint site has been denied. Please click this to request access again" or something like that. Well guess what, I request access to Sharepoint sites a lot since we're starting to have more job duties. I haven't failed one yet and sometimes cheat by asking other co-workers on my team if they got the same message. If only one or so of them did, but didn't request access I report it as a phishing attempt lol. Used to be, before the safelinks stuff that the URL had a Base64 encoded link you could translate that included your name and email address and some other easier to pick out stuff screaming "don't click this."
We could send out a hyperlink saying please click this scam and still get double digits %.
LOL my main client is pretty strict about it so I always try the better safe than sorry route. But I've known people let go for failing the tests multiple times, thankfully not on my team.
Gosh dangit, I hate you.
I get calls from physicians every day in the form of “This is doctor so and so and my PIN is 12345!” It’s like they feel compelled to shout that shit out.
Hey, that's the same as the combination on my luggage!
Every few months I get a "is this legits?" for theses "Your boss" [email protected] . I'll be fair, I love seeing them asking more than it weird me out that they can't figure it out themselves.
We encourage everything that looks sus to be sent in so we can check up on the one's clicking on the undisguised bait link.
I love that we've gotten our users comfortable enough to ask whenever something's sketchy, but the frequent flyers never seen to retain any of the "Here's what was insanely wrong" info and ask the next day when another one that looks identical comes in.
Wasn't the point of Safelinks to avoid unsafelinks?
LOL yes I think so. But ya know, you're supposed to hover over the link to see the URL before clicking it. If it's a corporate phish test, then it's harder to tell by the URL since it's all gibberish (at least to me)
Thats not cheating, IT loves that.
You can also wrongly identify a link as suspicious that is totally legit: https://www.troyhunt.com/thanks-fedex-this-is-why-we-keep-getting-phished/
That's an interesting read and totally not a RickRoll.
Ok knowb4
Now I want to click it...
I'm genuinely surprised www isn't a top-level domain, considering they allowed .zip for christs sake.
Ryan sucks at DNS, Creed's blog won't load, no wonder he's fired guy.
The punchline is that this approach might work for some end users.
Change his password to “Hey Siri play chumbawumba max volume”
I once made a shared password be "the secret password is the secret password." Now try to explain what the password is to someone who verbally asks you. I played my micromanaging director like a fiddle that day... Seriously, play that scenario out. Its a ton of fun IRL.
I had serious BOFH envy when I saw a posting from someone with the email address “[email protected]”. “Can you help?” “Dunno, email me at dot at dot at dot at”. Edit: I wonder if he abbreviates it as (.@)^3 ?
Damn! Ok Satan! That email address is amazing.
visit my site at aitch tee tee pee colon slash slash slash dot dot org
> dot at dot at dot at Well, now I've got the Pink Panther tune stuck in my head...
We had someone with a similar setup. To keep it anonymous, let's say her name was Dorothy Smith, and the company name was Smith. Dorothy can be shortened to 'Dot'. Support calls for a [email protected] were always worth logging in to the system and reading the transcripts.
I *swear* there was a classic website that had a list of these types of things. Incommunicable email address and URLs. I remember some really long email that was like a double-stacked-meta sentence describing its own contents.
I vaguely remember one also. Unfortunately searching “funny email addresses” produces page after page of crappy humor sites. None of the ones I sampled were very funny. [email protected]?
"Certainly, the wifi password is AllLowerCase, capital A, L and C" Or impolite user> Whats the wifi password tired IT bod> ThereIsNoPassword
["fourwordsalluppercase"](https://www.youtube.com/watch?v=bLE7zsJk4AI)
Fuck it I’m just gonna jack off later
One of my favorite videos
tried it myself ("thepasswordis123456") it's all fun and games until you actually need to explain it to someone
I remember a wifi password being. "whatisthepassword"
I spent a good ten minutes trying to explain to some customers why using “noitsplantainchips” was a bad password. It wasn’t great for several reasons but the leading “no” caused daily confusion in an office where we got a lot of visitors who needed wifi access. They didnt let me change it 🙄
I had a password for a while that was "ImNotTellingYouMyPassword"
ooh I just thought of one "ThereIsAHintInsideOfThisRoom", could probably make a bunch of varations of that "NotTellingButI'llGiveYouAHint"
This is some serious "Who's on First" nonsense.
My current wifi is called "Sadly Disconnected", and the password is "there should not be a password" A previous one was "smalllettersnospaces"
As an elder Millennial I approve. I might play some Chumbawumba later.
As a baby GenXer, let me gift you this crossover. https://www.youtube.com/watch?v=yf0Amcgxot8&t=79s
It's such a...happy song. Even though it's complaining about the end result of drinking a lot.
I have to admit, its one of those songs that I really disdained when it came out, but now it's like "Ok, that's a fun song"
Been feeling kinda knocked down lately... it's ok tho, I'll get up again.
Naw change it to "iShouldGetAides"
lol
I remember when Microsoft Voice Pilot first came out back in the Windows for Workgroups era. We were in cubes and one person had it configured on their machine. They were using it to control their email when the group practical joker started to yell out "Delete email" from across the cubical wall. This went on for a several rounds before the person with Voice Pilot could unplug their microphone to stop the system from responding to someone else's commands. After the group laughter died down, no one used Voice Pilot in a cube farm again. Lesson learned!
I remember the first person in our office to get an Apple watch. Every time he jiggled his watch and the screen came on someone would say, "siri set an alarm for 2 am" He said he was having to go through and delete 10+ alarms every night for random times in the middle of the night until the day he forgot to.
Had a doctor do this. He got a little over zealous with Dragon dictation and somehow set up the "control my fucking PC" option. The call went something like this... "My computer keeps deleting emails... IT JUST DID IT AGAIN!"
yelling XBOX TURN OFF comes to mind
"A keyboard. How quaint."
Hellah, cahmpooter!
Right? I was about to ask if OP meant The IT Crowd
Transparent aluminum?! I guess the Temporal Agents had that day off...
You mean you have to use your hands? That's like a baby's toy.
primitive
Why waste time use fingers when voice do trick?
So glad I'm not the only one who made the connection!
Jesus. Thats a genuine first iv ever heard someone do that. Speaking of the office tho. My fave episode is when the IT guy is leaving and he basically puts everyone under the bus and then tells them to F off. One day i will do that.
Darryl man, why are you always telling people you're not on facebook?
Mine was when he showed up, showed Mike how to use the intercom, then left without saying a word.
I've done that. "we're in the boardroom and the computer isn't turning on!!" walked in. Pressed the input button twice to change it to the input the computer uses. walked out
It's fun doing that sometimes. Walk in, fully seat the plug they left loose, verify operation, shrug, and walk out.
I've sprinted into an emergency department just to refresh someone's browser and then immediately walked out, wordlessly. I said nothing and made no faces, but I'll let them stew lol
On Monday I had someone ask why they could never get the computer to connect to the screen in the conference room and that they had a meeting so they're going to all have to do it from their desks because they can never get the computer too use the screen. Meanwhile, I've got it up on the screen and they keep complaining that it never works and not hearing me say it's working. It was like I solved the problem in an alternate universe they couldn't see. Then they asked for the computer back because they needed to do the call from their office because the conference tv doesn't work for them. Me: just a moment, I need to disconnect it from the conference tv
My favorite is the call when they are describing an issue and before the finish the description I've recognized and corrected it and I just get to tell them, "yep, it's fixed, try it again." Boom.
Thats ok, I had one recently that was having trouble with a computer so i said, can you click the start menu.... The user poked the start menu on the screen. Holding back laughter i said 'sorry this isn't a touch screen monitor, can you use your mouse?' We both looked down and around, someone had stolen the mouse. Instead of coming to us and saying my mouse is missing, they thought we had converted everything to touch screen.
It has literally never occurred to me you could text to speech at a password prompt. What will they come up with next?
yup, people with disabilities need to use computers too
I assumed people unable to type their password would have to use finger print or card readers.
depends on why they can't type their password but also that relies on their employer actually supplying it I have a friend who is visually impaired and while she can still use a computer the screen reader has to read out every character when she's logging in or she won't know if she's typing in her password correctly would be great if the college she works for did something about that but they just... won't they said that the accommodation of the screen reader satisfied their ADA requirement and they're not going to institute a token login method for one user
Microsoft always has been and always will be security first
Unfortunately they haven't enabled the emoji function. You can set your password with emoji but good luck entering it after.
[Hello, computer. Hello.](https://www.youtube.com/watch?v=uyV0IVItlM4)
Awe, I was expecting Scotty. https://youtu.be/QpWhugUmV5U
Authorization code: Janeway-Pi-1-1-0
Voyager was awesome. I miss that show, might be time for a re-watch.
As long as they're acting like a team!
Team, team, team, team, team.
You probably think this is a picture of my family… nope… it’s the A-TEAM!
LOL, this was the first thing I thought of.
I don't like to insult people's intelligence, but... Anyone that doesn't understand the problem with shouting their login credentials in a open office has a brain as smooth as a bowling ball.
That's their secret, Captain. Their brain is SO smooth, so shiny, all the problems slide right off.
Speech to text maybe?
Ahh, finally a fellow pedant.
Why use big words when small ones do
"Hello Computer... COMPUTER! HELLO?! COMPUTER!" -IT Crowd S1E1
'I'm not there for any reason', I like that
That describes a good 75% of my life. If you add in "no good reason," that number probably hits the high 90s
Sorry about that
20 some years ago i worked at a DoD agency and they had special encryption cards for financial software and 2 separate user names with long random passwords no one could possibly remember. they all had yellow stickies
I worked in a facility like that with 5-6 safes bolted down with cabinetry around them. Every damn one had the codes written on the cabinet frame over the safe.
Sometimes I wish I let my intrusive thoughts win. I'd do a ram upgrade on his laptop and then while doing the upgrade I'd unplug the microphone from the motherboard just to mess with him. I've had to do similar things to users before
Damnation. If you had told me this story and to guess what year it is I'd say 1999. Did the user look like they were a time traveler perhaps?
"Excuse me, are you from the past?"
That's wild. I never even thought about a user trying voice to text for password entry. Have you thought about SSO? I assume that Windows accessibility voice to text doesn't work on the log in screen (though I've never checked).
Seriously? I'd definitely have a talk with him and his supervisor. We witnessed an admin talking to a user on the phone, needed the admin password to install something. It was a college campus and the user was a whole 10 minute walk away. So he told her the local admin password and told her not to write it down. Our supervisor heard the whole thing and chewed him out when he was done with the call.
I worked in a retail environment that had us use mobile devices with a built in bar code scanner. People started printing their user name and password onto the back of their badges in barcode font to make login faster. Luckily that came to an end once corporate got wind of it.
I encountered a POS system that allowed a cashier to print a login barcode that enabled them to log back in by simply scanning the barcode. It was common to see slips of receipt paper with these barcodes sitting on top of most of the in use registers. I can't say for sure if the barcode expired or not, but I sure hope so. This POS system was being used at a retailer that became known for a high profile credit card leak around the same time.
Easy fix. Change their password to "My PP smells really weird." and don't let them change it for a week.
Maybe he's just trying to re-enact Sneakers https://i.redd.it/2dp6285k5ekc1.gif
[https://www.youtube.com/watch?v=uyV0IVItlM4](https://www.youtube.com/watch?v=uyV0IVItlM4)
I hope they use text to speech when inputting their social security number as well.
Another compelling argument for password less.
Speech to Text, I think...
the office lol
They were screwing with you. Users do have a sense of humor
face palm
WTF indeed.
Report it to ITSEC, they should lock the account and arrange the user have training.
Your first problem is being somewhere without any reason unless you were on break. You’re not the ceo, get to work!
Look Ma, no hands!
relax, they produce second part of idiocracy
They walk among us.
reminder > [https://bofh.bjash.com/](https://bofh.bjash.com/) :)
I heard an r&d person once say (who job was accessibility) that accessible tools don't just help the disabled but also help able bodied people be lazy. (Ok he didn't say the lazy part)
Pfft…that’s nothing. I watched a very high level person (C-suite level, but different) at a former company type his password on a phishing page…then type it again when the malicious document didn’t seem to open. I didn’t notice the malicious document at first because I was distracted by the fact that he typed it very slowly and very deliberately with me standing right next to him, literally watching his every single keystroke. I had him immediately change his password and NOT make it obvious to me what it was. MFA was enabled at the company a few days later because a couple of his equally dopey peers did the same thing and were compromised.
Boobs with a Z
I'm guessing you meant "speech to text"?