this post was submitted on 21 Jun 2023
245 points (100.0% liked)

Technology

37735 readers
55 users here now

A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.

Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.

Subcommunities on Beehaw:


This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 2 years ago
MODERATORS
top 28 comments
sorted by: hot top controversial new old
[–] scrubbles@poptalk.scrubbles.tech 99 points 1 year ago (1 children)

part of a "sophisticated phishing campaign"

read: Cheryl in accounting typed her credentials into a random form.

[–] TechyDad 58 points 1 year ago (2 children)

Email: "Hi, this is IT. It looks like your password is expired. Please change your password by clicking this link. Ignore the weird from address and the fact that the link obviously goes to a noncompany website. We're really from your IT department. Promise!"

Way too many users: "Yup. This looks legit. Better coick that link and enter all of my information right now!"

[–] TheOtherJake 42 points 1 year ago (2 children)

"Hi Karen , this is HR. You can now log anonymous complaints about IT, by logging into this external website with your company credentials. We provide this for your security because IT is able to monitor in network communication."

[–] shmushroomsh 18 points 1 year ago (1 children)

You guys are killing me! I know so many people who get their Facebook profiles hacked like this. It just cracks me up because it seems silly to fall for. It always looks wrong and the address is ridiculous.

[–] Laneus 11 points 1 year ago* (last edited 1 year ago) (1 children)

on some level, scammers are deliberating targeting the easiest marks. If you send out millions of phishing emails, you're looking to catch a dozen or so of the least tech savvy people you can.

[–] shmushroomsh 1 points 1 year ago (1 children)

That's true cast, a big net I guess.

[–] TechyDad 1 points 1 year ago

And it's a cheap net to use. If I were to lose all sense of morals, I could buy a list of 1 million emails for very little money. Crafting and sending an email to each of those emails would essentially be free. (There's some cost involved, but it would be very low.)

If I got a 1/100th of 1% reply rate, that's 100 victims. Get $1,000 from each of them and you've got yourself a tidy profit.

Thankfully, there are spam filters and other technologies that can reduce the success rate, but it's so cheap to send all those emails that pretty much any success can result in profit. And as long as it is profitable, spammers will keep sending out their messages.

[–] Hirom 5 points 1 year ago* (last edited 1 year ago) (1 children)

There are legitimate third party services for company to receive anonymous ethics complains, or to poll employees pseudo-anonymously.

If done well it's not using the company credentials.

But it would indeed a sneaky way to fish employees.

[–] argv_minus_one 4 points 1 year ago

Legitimate? Anything like that is at least one of two kinds of painfully obvious trap, namely:

  1. It's some kind of criminal operation looking to commit industrial espionage, collect credentials, etc.
  2. It's not actually anonymous, and is in fact being used by the company to root out and get rid of insufficiently loyal employees.
[–] dan@upvote.au 1 points 1 year ago (1 children)

A lot of companies now configure their email security software to prepend a "this email came from an external source. Be careful!" notice to all emails that come from outside the company, to try and avoid issues like this.

[–] TechyDad 1 points 1 year ago

My company does this. They also have an outside agency regularly send fake phishing emails to everyone. Invariably, some people always fall for it no matter how much education is done. At least, when they fall for the fake phishing emails, though, my company can gauge just how much education is needed to prevent real phishing attempts from succeeding.

[–] cyd@vlemmy.net 46 points 1 year ago (1 children)

Spez won't agree to the API demand, because it's a matter of ego and credibility for him now. His whole big shot tech-bro CEO shtick depends on ramming this through, like his hero Elon.

So I guess we'll see if there's anything interesting in the corp data..

[–] Fauxreigner 14 points 1 year ago (1 children)

So I guess we’ll see if there’s anything interesting in the corp data…

My guess is it'll get sold, not made generally public.

[–] Mothra@mander.xyz 3 points 1 year ago

I'm too naïve. Who else would be interested in that kind of data...? It's not personal details and profiles, right? I guess I'm disappointed that if you are right, the public will never see who they shadowban or whose github got trolled.

I just wanted the goss, but I'm no millionaire. :(

[–] Mothra@mander.xyz 40 points 1 year ago (1 children)

Wo wow wow I thought it was a hoax! Looking forward to reading the leaks

[–] cavemeat 30 points 1 year ago

Me too, I wasn't expecting reddit to actually confirm it

[–] Drusas@kbin.social 34 points 1 year ago

The company falling victim to phishing should be pretty damned embarrassing to them.

[–] BarrierWithAshes@kbin.social 20 points 1 year ago

Talk about timing geez.

[–] Hirom 18 points 1 year ago* (last edited 1 year ago)
[–] jeebus@kbin.social 17 points 1 year ago

Spez you dumb ass. He needs the 0hishing training emails.

[–] Stellario@pawb.social 16 points 1 year ago (1 children)

Part of me wants to go to Reddit to post my dick pics in every forum. "Post your dick and/or boobs for great Justice!"

[–] get_the_reference_@kbin.social 8 points 1 year ago (1 children)

Let's do that in Lemmy instead!

[–] Clairvoidance@kbin.social 8 points 1 year ago (1 children)
[–] gk99@kbin.social 23 points 1 year ago (3 children)

Nah, reddit is taking so long with the data requests it'd probably be easier to just ask these guys.

But seriously, this confirmation makes reddit look so much worse right now.

load more comments (3 replies)
[–] ipkpjersi@lemmy.one 3 points 1 year ago

Oh No! Anyway

load more comments
view more: next ›