(Washington Post)   The Chicago Tribune, which has laid off countless employees, denied raises and promotions, and cut benefits, learns that using a "Click This Link To Learn About Your $10,000 Bonus" email to test staff awareness of online scams isn't the best idea   (washingtonpost.com) divider line
lindalouwho [TotalFark] [OhFark]
‘’ 1 hour ago  
Why is the word cruel in quotation marks, ya dick?
 
dothemath [TotalFark]
‘’ 1 hour ago  
rollingstone.comView Full Size

"Chicago..."
 
Billy Liar
‘’ 1 hour ago  
They shoulda put it behind a paywall.
 
Singleballtheory
‘’ 1 hour ago  
The Chicago Tribune:  You're the Inspiration

... for my Falling Down cosplay.
 
GregInIndy [TotalFark]
‘’ 1 hour ago  
That should be illegal. They should be bound to pay any bonus they've expressly promised to employees.
 
halifaxdatageek [TotalFark] [OhFark]
‘’ 1 hour ago  
I'm biased by virtue of being on the other side of these emails (IT, not a Nigerian scammer), but aren't they fairly common?
 
Poegressive
‘’ 1 hour ago  
They should just go ahead and give every employee $10,000 anyways to make up for it.  A quick search says they have about 500 employees, so $5,000,000 -- a drop in the bucket for their millions in revenue.
 
Opacity [TotalFark] [OhFark]
‘’ 1 hour ago  
What we have here is a whole office that's setting themselves up for a class action settlement.
 
Cajnik [OhFark]
‘’ 1 hour ago  
FTFA:

There were spelling errors in the email that were meant to serve as tipoffs of its inauthenticity, including the salutation, "Congradulations Executives!!"
...
"Now @tribpub wants to test me by trying 2 lure me into clicking on a link after promising a bonus. This is NO way to treat employees."

I can now see how the poor grammar wasn't a tipoff
 
gar1013 [BareFark]
‘’ 55 minutes ago  

GregInIndy: That should be illegal. They should be bound to pay any bonus they've expressly promised to employees.


Lol.

You're joking right?
 
gar1013 [BareFark]
‘’ 53 minutes ago  
Any employee complaining about this needs to grow up.

Scammers aren't going to play by the rules. In fact, the better the email sounds, the more likely it's a scam.
 
Thisbymaster
‘’ 51 minutes ago  
We keep getting these, they just schedule mandatory training for you if you click a link in an email.  I have a ruleset to filter these out.
 
Erebus1954
‘’ 51 minutes ago  
My employer 'tests' us with a fake phishing email every couple of month to see if we'll take the bait or report to security and delete. They have never admitted they are testing us. They are hilariously obvious.
 
abhorrent1
‘’ 51 minutes ago  
Remember when the Trib owned the Cubs? Good times.

/not really
//it was terrible
 
Mouser
‘’ 51 minutes ago  
Well, if the goal was to weed out the idiots on the payroll, sounds like they did a good job of it.
 
freakdiablo
‘’ 50 minutes ago  

halifaxdatageek: I'm biased by virtue of being on the other side of these emails (IT, not a Nigerian scammer), but aren't they fairly common?


Yes and no.  I get security competency check every few months from IT, but they're typically along the lines of "hey man, it's Todd from the helpdesk.  We're doing some server maintenance after COB, can you send me your password in case the database gets wiped?"

Nothing along the lines of a bonus or raise.
 
Cajnik [OhFark]
‘’ 49 minutes ago  

Opacity: What we have here is a whole office that's setting themselves up for a class action settlement.


I would like to see the email.

If they sent it from CEO.Name@chicagotrbune com then there may be something to it. But usually these company internal phishing tests are blatantly obvious with the return sender address.

"Pam! Have you ever heard of 'totally legit HR dot com?' Do we outsource to them?...
Nevermind..."
 
I'm no expert but...
‘’ 47 minutes ago  

halifaxdatageek: I'm biased by virtue of being on the other side of these emails (IT, not a Nigerian scammer), but aren't they fairly common?


If you mean companies sending test phishing email to staff as part of cyber security awareness, then yes. But if that email was configured to look like a genuine internal email with the envelope address being the only give away that it is a phishing attack then a lot of people would be caught out. This one was really badly thought out and should never have been used.
 
S10Calade
‘’ 47 minutes ago  

halifaxdatageek: I'm biased by virtue of being on the other side of these emails (IT, not a Nigerian scammer), but aren't they fairly common?


I work in automation & controls so I get to spend quite a bit of time with the IT overlords. We had a discussion about this same thing about a year back and I was told there are 2 things that are strictly off-limits. Anything to do with employee compensation/benefits and anything with health/safety. They were told by the corporate lawyers it opens way too many doors for lawsuits if someone takes the info as fact.
 
bigdog1960
‘’ 45 minutes ago  
Actually it is a good test. I mean it's unbelievable.
 
NM Volunteer [TotalFark] [BareFark]
‘’ 45 minutes ago  

Cajnik: FTFA:

There were spelling errors in the email that were meant to serve as tipoffs of its inauthenticity, including the salutation, "Congradulations Executives!!"
...
"Now @tribpub wants to test me by trying 2 lure me into clicking on a link after promising a bonus. This is NO way to treat employees."

I can now see how the poor grammar wasn't a tipoff


Sounds like emails that come from certain people in City Hall here...
 
Cajnik [OhFark]
‘’ 44 minutes ago  

S10Calade: We had a discussion about this same thing about a year back and I was told there are 2 things that are strictly off-limits. Anything to do with employee compensation/benefits and anything with health/safety


img.etimg.comView Full Size

Go on...
 
halifaxdatageek [TotalFark] [OhFark]
‘’ 39 minutes ago  

freakdiablo: Nothing along the lines of a bonus or raise.


I'm no expert but...: If you mean companies sending test phishing email to staff as part of cyber security awareness, then yes. But if that email was configured to look like a genuine internal email with the envelope address being the only give away that it is a phishing attack then a lot of people would be caught out. This one was really badly thought out and should never have been used.


S10Calade: I work in automation & controls so I get to spend quite a bit of time with the IT overlords. We had a discussion about this same thing about a year back and I was told there are 2 things that are strictly off-limits. Anything to do with employee compensation/benefits and anything with health/safety. They were told by the corporate lawyers it opens way too many doors for lawsuits if someone takes the info as fact.


All fair points. And a hat tip to "I'm not expert but..." for an excellent handle.

My buddies always roll these tests in as part of security training, so if you get caught out, you got caught out in the middle of learning about (among other things) how to spot scam emails.

"You tricked me!"
"We literally told you two days ago how to verify an email really came from us."

Bonus fact: The CIA has gone on record as saying they will never put agents undercover as journalists or religious figures, because they don't want to put those folks under any more foreign scrutiny than they already are. Of course, they would say that, wouldn't they...
 
SBinRR [BareFark] [OhFark]
‘’ 34 minutes ago  

Erebus1954: My employer 'tests' us with a fake phishing email every couple of month to see if we'll take the bait or report to security and delete. They have never admitted they are testing us. They are hilariously obvious.


Mine does too, but they give you an atta girl/boy if you catch it. And yeah, they are pretty obvious.
 
LurkerSupreme [TotalFark] [OhFark]
‘’ 34 minutes ago  

I'm no expert but...: halifaxdatageek: I'm biased by virtue of being on the other side of these emails (IT, not a Nigerian scammer), but aren't they fairly common?

If you mean companies sending test phishing email to staff as part of cyber security awareness, then yes. But if that email was configured to look like a genuine internal email with the envelope address being the only give away that it is a phishing attack then a lot of people would be caught out. This one was really badly thought out and should never have been used.


The most amusing help desk ticket I got in response to a phishing awareness campaign was someone who said she was careful not to click on the link, but instead copy/pasted it into her web browser to be safe. Felt kinda bad when I told her that was basically no different than if she'd clicked on the link.
 
NotThatGuyAgain
‘’ 29 minutes ago  

halifaxdatageek: I'm biased by virtue of being on the other side of these emails (IT, not a Nigerian scammer), but aren't they fairly common?


Yes.

Some of them can be quite sophisticated, and will appear to have actually come from HR or whoever.  It wouldn't surprise me if there's a real phishing email out there written in perfect English promising a $10k bonus.

You can't expect everyone to know what they're looking at in an email header, let alone how to find it despite how simple it isn and these tests have a habit of waking users up.  For a week or two, anyhow.

People saying lawsuit...bwahahha someone can file one but they'll never win.
 
waxbeans [TotalFark]
‘’ 27 minutes ago  

GregInIndy: That should be illegal. They should be bound to pay any bonus they've expressly promised to employees.


And that would ALSO stop the phish scams as well.
Imagine those dopes having to cough up on their bait.
The world would be better.
It would likely reduce emissions because of the reduced email
 
waxbeans [TotalFark]
‘’ 25 minutes ago  

Mouser: Well, if the goal was to weed out the idiots on the payroll, sounds like they did a good job of it.


Keep living up to how I have listed
 
Jclark666
‘’ 15 minutes ago  
Wonder how many credentials have now been collected with "Apology from Tribune management.  Here's $500 to make up for our mistake."
 
nursetim
‘’ 5 minutes ago  
Last year my employer sent out an email from Wombat Security with a link to open to test our knowledge on cyber security.  Apparently a lot of people, myself included, thought it was a phishing attempt and flagged it as such. Turned out it was legit, and they sent out a follow up email stating it was legit. What made me suspicious was the name Wombat Security.  I mean, come on.
 
runwiz [TotalFark] [OhFark]
‘’ 4 minutes ago  
There were spelling errors in the email that were meant to serve as tipoffs of its inauthenticity, including the salutation, "Congradulations Executives!!"

Upon reading numerous articles in Tribune publications this would not be a tip off.
 
radiovox [TotalFark]
‘’ 4 minutes ago  
My former employer sent random test emails.  I understand why companies do this.  But when people are scared about their own financial well-being and future employment, this was a seriously dick move by this company.
 
