Phishing for Failure

IT or Not IT? The Comical Tale of Dodging Phishing Scams in the Office Jungle

Like many of us in America and beyond, I work for a large organization with an equally large tech department.  The IT department is elusive and all-powerful, similar to mythical creatures in ancient cultures like the Sphinx or even a dragon.  I’ve heard of coworkers who have actually seen the tech people, though, and I have even spoken to one of their number on the phone.  To be honest, the general opinion of the tech folks is not fantastic.  We don’t sing their praises.  Most often, it’s quite the opposite.  The phrase “the tech people” usually is accompanied by some four-letter words.

I have been guilty of this malignment myself.  Calling IT gives me hives, so I try to avoid it.  I can fly under the radar, and they won’t bother me, either.  I can just be one of the thousands toiling away, trying not to attract the attention of the tech department.  I’m sure many of you all try this tack as well.  It works for the most part.

Dodging Digital Dragons: The High-Stakes Game of Phishing Tests

But then, an email arrives.  It’s from the makers of one of the programs I use every day, and it tells me that my IT department has decreed that it’s time for an update.  I think, “Oh, OK.  No worries!”  But then I think, “Is this one of those darn tests?  One of those ‘Is this a phishing email or is it real?’ tests?”  If it’s a test, I have to push the button on the top of the email, “report as SPAM!”  If it’s not, then I get an update.  If it’s a test and I DON’T push the button, I’ve failed.  If it isn’t a test, then I get an update.  Back and forth, back and forth.  My finger hovers; my brain whirls and slowly begins to fry.  Do I push the report button?  Do I not push the button?  My heart begins to race.  My palms start to sweat.  I get a sudden twitch in my eyelid.  Do I?  Don’t I?

When ‘Spam’ Became a 4-Letter Word: Navigating Email Security in the Workplace

Now at this point, I’ve wasted a good five minutes.  I’ve gone from being a calm, productive professional to a sweaty, twitching, indecisive lump incapable of making my fingers move the mouse to the “report” button.  I swallow, close my eyes, and push the button.  No harm done if it’s not truly a phishing test.  And, YAY!  The popup says, “Congratulations!  You passed this test brought to you by IT.”  I gulp with relief and want to dance around the office like a toddler who just got exactly what they asked Santa Claus for at Christmas.

I know that IT does this to keep us on our toes.  I know it also serves a greater purpose, in that it shows IT those employees who could possibly need a refresher training course (emailed link, of course.  They wouldn’t REACH OUT and talk to the failures.)

Two things bother me about this process, though.  

The first is the sheer amount of time wasted in the “Push it or Don’t” process.  I waste a minimum of five minutes.  I am one of several thousand employees.  I know I am not the only one who dithers indecisively for at least five minutes.  So multiply my five minutes by, say, two thousand ditherers.  That’s TEN THOUSAND minutes.  Think of the amount of actual work that could have been done in those ten thousand minutes.

The second is who decided to call it a Phish?  When I was still cool and young, Phish was a rock band and also a very yummy ice cream bar.  It certainly was not a test!

Northstarr Recommendations 

  1. Ensure you only click on links in emails from senders you recognize!
  2. Appreciate your IT team’s work for your entire organization, even if it causes you stress at times.  They’re there to keep you and your organization safe!

To find out more about how we can help, visit our website or give us a call at (888) 767-2210 to set up an appointment.  We look forward to meeting with you!