this post was submitted on 29 Mar 2025
986 points (98.8% liked)
[Moved to [email protected], check pinned post.] iiiiiiitttttttttttt.
you know the computer thing is it plugged in?
The only phishing e-mails I receive are from my employer. As a matter of process I report these e-mails like a diligent lackey, then upon receiving an e-mail congratulating me on passing their test, I report that one too. I think the non-test phishing reports undergo manual review so I hope I'm wasting someone's time somewhere in payback.
Still haven't forgiven them for a tone-deaf 'we care about you during COVID' phishing e-mail they sent when everyone was genuinely struggling.
Except for the tiny fact that a phishing email wouldn't give a fuck about being "tone deaf" and would bank on the "nobody bad would ever send an email like this!".
Sure, a genuine phishing e-mail wouldn't give a fuck. But fake phishing e-mails sent from an employer should give a fuck about retention and employee engagement. Drawing attention to how much you don't care about your employees while exploiting their emotions isn't all that conducive to maintaining a healthy workforce/morale.
There are ways to demonstrate the lengths bad actors are willing to go without being a douche.
As an example, find out something the employer actually will be doing (or already does) and pre-empt it with a related, but not identical, phishing test. After the test has elapsed, send a follow-up explanatory e-mail, with genuine content e.g. "We won't pay you $10,000,000 to have a baby, but did you know about our generous maternity leave package?"
That implies they care about our feelings. When actually they want us to remember we only get paid if we're of pecuniary value to them. Even at a good company like mine.