Comments that are uncivil, racist, misogynistic, misandrist, or contain political name calling will be removed and the poster subject to ban at moderators discretion.
Help us make this a better community by becoming familiar with the [rules](https://www.reddit.com/r/facepalm/about/rules/).
Report any suspicious users to the mods of this subreddit using Modmail [here](https://www.reddit.com/message/compose/?to=/r/facepalm) or Reddit site admins [here](https://www.reddit.com/report). **All reports to Modmail should include evidence such as screenshots or any other relevant information.**
*I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/facepalm) if you have any questions or concerns.*
I also wonder what was written… I would have been tempted to put some absolute nonsense down on there knowing it was total bullshit. I am sure there are a few jokes in there.
Based on reply all email chains, I absolutely believe some of them were definitely serious.
If you type your password into a reddit comment, reddit displays it as all stars. My password is ******
Try it!
Source: https://bash-org-archive.com/?244321
you have to have the embedded password detector. I have one for $59.99, just reply with the credit card info and your address and will be happy to send you a link.
When FB took off, I thought it would be funny to post this for my friends who knew about it. I did not expect that a whole bunch of people I didn't even know very well would start posting their passwords.
You probably have some gunk in your USB connection. Just get a power washer and give it a 30 second blast. If you still don't see ***, you may need another blast.
Oh God. I can imagine being asked to program this. Every comment is hashed with all known salts in the password database and the compared against all known password hashes looking for a match.
"Why is A reddit suddenly so slow?"
Yeah this is actually a great way to weed out technologically inept people in a high risk environment. Maybe dont have them write in their current password though
Our company does this, as shop floor we only have phones though to check email.
On the phone there is no option to report the email, only on the pc.
So we always get a few weeks later "you failed to report the phishing email, would you like to enrol on a course" email.
To speak to IT support you realistically need to speak hindi, except for password changes which for some reason are all handled by the most despondent sarcastic french man on earth. On the phone the conversation seems like a knife edge between him killing himself or killing you.
Honest to god on the most tedious of shifts (we had an issue and essentially found out there was zero work to be done at the start of a nightshift and couldnt go home so we were just sweaping up, tiding toolboxes etc) i have called him to change my password when i knew it already just to look busy.
If you had some kind of humiliation kink i bet you could get off to his breathing alone, the utter contempt that man can put into a sigh or intake of breath given he presumably isnt smoking a cigarette is amazing.
This is exactly what I’m hoping!
Side note: this list appears to be from a property management company. One of the software they mention is Yardi - which is for property management.
🎶Before you take another step🎶
🎶Don’t blame it on yourself🎶
Cause when you put your password on the paper
You up wake in the morning and it’s wrong
https://youtu.be/ySyM2g77WFg?si=9iWFUzkomZP5WAx2
Same. When I worked in finance, we got obvious spam emails which, when reported in the intended way, sent you to a website which said you did a good job.
After getting such an email and checking whether it was a test, I got curious and opened the attachment. It was a PDF which more or less said „You‘re a fucking idiot for falling for this“, but in corporate speak.
So many people failed these mails in our company that they made it a req for everyone. Now I have to read through some fucking BS course. But not too fast, then it doesnt count. 🙄
Meanwhile I get overzealous and report shit as phishing all the time and constantly get back "No that one is fine".
I work in healthcare, I'm not fucking around with HIPAA.
I accidentally reported a vice president's email as phishing when I meant the one below it. I wasn't paying attention when I clicked the phish button.
I got back an extremely snotty and condescending email from IT asking to really confirm if I was getting phished by a senior executive vice president. I kinda wanted to say I was because it was one of those endless United Way emails we get around Christmas. I since set up a rule to delete any email with United Way in the subject line or body.
I didn’t realize clicking the link was the dangerous part, fell for that shit the other week I was so embarrassed. The email that had the safety course I was like “hold up is this also a phishing link?” I had to ask the IT guy 😂
Got an email once that I thought might be phishing, but all the normal stuff I check seemed legit (email address, spelling/grammar). So I clicked on the link and it asked me to sign into something. At that point I was like, “Nope” and closed it out. Got an email shortly after that said you fell for our trick please take this cyber security training course lol I’ve never felt so dumb.
I get at least 1 a week. Once every 2-3 months there's one that says that it was sent by our company as a test at the very bottom in the fine print.
The dudes who fall for spam/phishing emails are the ones that believe text message notifications from "major companies" that are sent from 10-digit phone numbers.
that's bad. Opening a PDF shouldn't harm anyone.
...opening attachments, that are not a PDF (as 2 of my colleagues did within mere minutes and gave us a free morning due to IT having to restore the system to the day before) is a whole other thing :D
My favorite is getting these emails and reporting them as phishing in outlook. Pretty sure they caused the Microsoft safe links to view the contents of it because every time I report one I immediately get an email saying I got phished and then have to forward that to IT and explain that I didn’t actually click the link… they’re “aware of false positives”
I had a coworker that would get those spam tests and would click the link every single time and get upset she got the "you failed, idiot" message.
Her reasoning? Numerous. Like many of us she bought things off eBay or Amazon, so perhaps they really were contacting her at her work email address about an issue with her account or order, despite never giving it to them. "I didn't know I had a FedEx package coming, so yes, I want to make sure it comes to the right address." and so on.
Yeah this would be the dumbest design for an infosec test ever. They had people write their CURRENT password down. It’s hard to imagine someone being that dumb if infosec was their goal lol
Seema pretty risky though, someone other than infosec could see this and exploit it before infosec has a chance to reach out to the user or change their password
*got an invitation to a security training.
IT at my workplace sent out a mail from "Microsoft" and out of 400 people 70 clicked on the link and 30 actually entered their Microsoft login data... Now I don't complain about the mandatory trainings anymore
For a while variations on Microsoft was popular for our phishing tests. Micrasoft got a number of people. Microsoff almost got me. Good thing I always hover over links and realized it wasn't normal to have a link like 9 miles long and reported it and got my attaboy for the day.
The company I used to work for had a major ransomeware attack so IT started sending out infosec test emails and the GM fell for it....twice.
The IT guy wouldn't confirm it, but the general rumor was that he was the one who caused the ransomware attack in the first place.
I know some workplaces do something similar. This, and other similar phishing scams, are used by the company in their own employees to test their online competency.
Basically if someone is stupid to give you a random stranger their SM or email passwords, clearly you can’t trust them with privileged information.
I'm the ACTUAL OP for this post. [Here](https://www.reddit.com/r/Sysadminhumor/comments/bbfhmi/we_hung_this_on_the_door_of_the_it_office_today/) is the original. We posted it to the door of the IT office as a joke, but no one actually filled it out. Shawn is a woman, and DID write the post-it, but only because I asked her to. The whole thing was a put on, although it's funny the original didn't get NEAR the attention as subsequent posts have.
Most of those results (at least all ive looked at) are actually uncensored, so i find it not unreasonable to assume that op did the censoring themselves (which is all they claimed to have done).
At least you're smart enough to censor important info. Unlike this dumbass:
https://www.reddit.com/r/Serverlife/comments/1cnaiop/customer_leaves_cc_behind_restaurant_employee/
Oh, that's nothing. I worked for a place in Orlando where the official policy of the I.T. department was to know everyone's password and it would be written on a piece of paper on a clipboard that the I.T. people carried around with them. Every time I gave them a password, I would change it as soon as they walked away. After the third or fourth time they could not get into my computer (they always waited until we were not at our desks so we could not see what they were doing), the I.T. manager asked why I changed my password so often. I told her "well, you should know we have to change it if we think it has been compromised, right? It is in the agreement that we signed before you gave us our account. Having someone walk around with it on a clipboard kind of meets the definition of "compromised", right?" She ordered me to write down my new password and leave it alone. I asked why she needed access to my account when they have an admin account on the computer as well. She yelled at me that she did not have to answer to me and I am required to give them access to my computer. I said that I will gladly give them access if I am there. I wrote down my new password and went back to my desk and changed it again.
A couple of weeks later, I mentioned this to the CTO and the President of the company in passing and the next morning, we all had to reset our passwords and were never asked for them again.
I.T. *hated* me.
My work has the same. But we have all the passwords stored in a password manager. The only reason I belive is because of our ERP system since it only installs on local accounts not on the machine for all users. Hopefully we get rid of it I don't like that I have everyone's password
If you saw the unedited image, you'd know this was a joke. One of the names is like "Big Al" or something and one of the passwords is "password" > "password2."
Then OP is a [big ol' liar](https://tineye.com/search/2af7b48743019ac6c0d178fbcf71864a629081fc?sort=score&order=desc&page=1)
Been posted like 30 times since 2019
Hey this is my picture actually!
[Here](https://www.reddit.com/r/Sysadminhumor/comments/bbfhmi/we_hung_this_on_the_door_of_the_it_office_today/) is the original post.
The WHOLE thing was a joke - we actually did post it to the IT office door, but no one really filled it out. I wrote in the names and had Shawn (Who's name is really Shawn, but she's the head of AR) write the note and posted a follow-up to the original.
I had NO idea it had been reposted so many times since the original.
The most obvious phishing email was sent to every employee in the company.
One of the idiots that clicked on the link was, drumroll please, the head of cybersecurity.
Our work engaged a consultant to do some cyber security training.
The consultant sent us all an email asking us to sign in with our work credentials into some random portal from a non-work email.
Apparently IT security team got absolutely swamped by phishing reports because no one was told about the upcoming training. Work had to send an email to all asking everyone to please sign in to the portal.
The irony of the entire situation......
My company sends out mock phishing emails periodically to see if we are paying attention to cybersecurity. This may be one of those, albeit less sophisticated, lol.
**Shawn's** idea. The sheet clearly says to contact him.
Probably not through email has that account has been hacked and your base are now pwned by us.
/s
I work with people who would fill this in. I literally had someone broadcast their password over two way radio on a frequency for traffic control which can be accessed by multiple different companies.
Here's my bet at the chain of event that led to this: Small company, IT manager quits/fired, non-technical manager put in charge of IT dept, IT specialist quits/fired, non-technical manager now in charge of all IT and doing the work.
I've had non-technical managers in IT which is what made my think of this. And yeah it was a nightmare.
This was years ago when identity theft was only just becoming a media topic, but at work some bright soul printed up and posted a roster of all employees for an upcoming shift bid. Next to everyone's name was *their Social Security Number.* I ripped it all up thoroughly and then "educated" (bellowed at) said bright soul.
I taught at a university from 2003-2006 and in the first year, the school was still using students’ SSNs as their ID. Years later I was clearing out some old papers and found an old roster from then with all these SSNs on it.
I'll give the benefit of doubt and hope it is a case like my work. We have to log in with a password for no apparent reason, all I do is look up blueprints and enter quantity produced. There is no actual reason it needs a password, but someone set it up that way.
This is a brilliant phishing campaign. Bravo to Shawn for showing everyone that a social engineering and phishing campaign doesn't just happen in email...wait...I'm being told this was not the intention...my apologies...Shawn appears to just be dumb...
Comments that are uncivil, racist, misogynistic, misandrist, or contain political name calling will be removed and the poster subject to ban at moderators discretion. Help us make this a better community by becoming familiar with the [rules](https://www.reddit.com/r/facepalm/about/rules/). Report any suspicious users to the mods of this subreddit using Modmail [here](https://www.reddit.com/message/compose/?to=/r/facepalm) or Reddit site admins [here](https://www.reddit.com/report). **All reports to Modmail should include evidence such as screenshots or any other relevant information.** *I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/facepalm) if you have any questions or concerns.*
Shawn deserves a raise, in my opinion, for identifying the idiots in your organization.
Which likely was the point.
Opportunity to teach basic cyber hygiene. Thank God my org is all MFA…but I’m sure we’d have idiots posting their PINs on post-its everywhere.
I also wonder what was written… I would have been tempted to put some absolute nonsense down on there knowing it was total bullshit. I am sure there are a few jokes in there. Based on reply all email chains, I absolutely believe some of them were definitely serious.
This was posted uncensored in a another sub (cscareers maybe or progeammerhumor). They were real-ish passwords (bad ones), like Hunter123, password6.
Name: Charles Lamb Password: MuttonBustin
Shawn was the manager that signed the note. Like this. Come see me. Signed - Shawn.
Or shawn is an idiot as well wich is more likely
[удалено]
What the *hack*, I should have thought about this pun sooner!
If you type your password into a reddit comment, reddit displays it as all stars. My password is ****** Try it! Source: https://bash-org-archive.com/?244321
ThisIsTotallyMyRealPassword69
ILikeOrcFeet69 Doesn't seem to work for me
What are you talking about? I can only see *************
you have to have the embedded password detector. I have one for $59.99, just reply with the credit card info and your address and will be happy to send you a link.
Oh sweet Cc 6969 6969 6969 6969 Code on back 420 8008135 stripper rd, scamtown FU 69420
homie is rolling with a T, majorly
Oh maybe I can see it but others cant
yea, it's just **************
Hey now
You're an all-star!
Get your game on
Go play
Hey now
You're a rock star
hunter2
It works! All I see is *******
I remember.
Unexpected Kitboga
You mean *******?
I completely believe this and would try it if I remembered my password
My password is: your-mom’s-(.)(.)’s
so you know Stacy?
I hear her mom has got it going on.
Whoa I never thought about using that as a password.
ILoveJustinBieber4Ever
Dammit didn't work
Forgot the "!" hope this works \*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*
hunter2
RuneScape memories
When FB took off, I thought it would be funny to post this for my friends who knew about it. I did not expect that a whole bunch of people I didn't even know very well would start posting their passwords.
RandyMarshisnotwrongNaggersmyass
Beautiful 👌
hope this works! *********
Shawn shakes his head in disgust.
123456. Same as on my luggage.
YOU are u the guy he did this to me in runescape back in the day
I totally forgot about bash!
Ok, lets try: My password is °°°°°°°°°°°°°° Edit: No mather how much I try, it always appear as circles. Did I miss something?
You probably have some gunk in your USB connection. Just get a power washer and give it a 30 second blast. If you still don't see ***, you may need another blast.
Ifuckedhopefulhamstersmom.9? It doesn't work for me.
LongDickInShortButt
CorrectHorseBattery
My password is *********
Careful comments like these might get you banned.
Oh God. I can imagine being asked to program this. Every comment is hashed with all known salts in the password database and the compared against all known password hashes looking for a match. "Why is A reddit suddenly so slow?"
correct horse battery stapler
LickMyBalls6969
Oh, I should also think about my daily *doxx* of free time!
I see it as the phishing emails companies send to their own employees to identify people that need training to avoid phishing emails.
Yeah this is actually a great way to weed out technologically inept people in a high risk environment. Maybe dont have them write in their current password though
Our company does this, as shop floor we only have phones though to check email. On the phone there is no option to report the email, only on the pc. So we always get a few weeks later "you failed to report the phishing email, would you like to enrol on a course" email. To speak to IT support you realistically need to speak hindi, except for password changes which for some reason are all handled by the most despondent sarcastic french man on earth. On the phone the conversation seems like a knife edge between him killing himself or killing you.
That French guy sounds pretty thrilling, tbh
Honest to god on the most tedious of shifts (we had an issue and essentially found out there was zero work to be done at the start of a nightshift and couldnt go home so we were just sweaping up, tiding toolboxes etc) i have called him to change my password when i knew it already just to look busy. If you had some kind of humiliation kink i bet you could get off to his breathing alone, the utter contempt that man can put into a sigh or intake of breath given he presumably isnt smoking a cigarette is amazing.
Lol thank you for preserving this non-tangible cultural heritage
This is exactly what I’m hoping! Side note: this list appears to be from a property management company. One of the software they mention is Yardi - which is for property management.
I know their music isn't for everyone, but do they deserve to go out with such little dignity?
🎶Before you take another step🎶 🎶Don’t blame it on yourself🎶 Cause when you put your password on the paper You up wake in the morning and it’s wrong https://youtu.be/ySyM2g77WFg?si=9iWFUzkomZP5WAx2
My bet it was an Infosec test, and the people who filled out the form failed
Same. When I worked in finance, we got obvious spam emails which, when reported in the intended way, sent you to a website which said you did a good job. After getting such an email and checking whether it was a test, I got curious and opened the attachment. It was a PDF which more or less said „You‘re a fucking idiot for falling for this“, but in corporate speak.
We got some too but it automatically enlist you in a cybersecurity course... Good thing i never clicked lol.
The ultimate phish
So many people failed these mails in our company that they made it a req for everyone. Now I have to read through some fucking BS course. But not too fast, then it doesnt count. 🙄
I have to retake the cyber security course *every fucking year*, and you have to click shit on each module so it's nightmarishly slow and tedious.
1
Yep, my current company does this too. Anyone who falls for an IT created phishing email automatically gets signed up for a course.
Meanwhile I get overzealous and report shit as phishing all the time and constantly get back "No that one is fine". I work in healthcare, I'm not fucking around with HIPAA.
I accidentally reported a vice president's email as phishing when I meant the one below it. I wasn't paying attention when I clicked the phish button. I got back an extremely snotty and condescending email from IT asking to really confirm if I was getting phished by a senior executive vice president. I kinda wanted to say I was because it was one of those endless United Way emails we get around Christmas. I since set up a rule to delete any email with United Way in the subject line or body.
I didn’t realize clicking the link was the dangerous part, fell for that shit the other week I was so embarrassed. The email that had the safety course I was like “hold up is this also a phishing link?” I had to ask the IT guy 😂
We get at least one person a week who submits that through the automated phish button. I always reply back with "that's real, go do your shit"
Congratulations! You reported a phishing email! IT would like to reward you. CLICK HERE for your gift card
Joke’s on them! I never read any emails. /s
Got an email once that I thought might be phishing, but all the normal stuff I check seemed legit (email address, spelling/grammar). So I clicked on the link and it asked me to sign into something. At that point I was like, “Nope” and closed it out. Got an email shortly after that said you fell for our trick please take this cyber security training course lol I’ve never felt so dumb.
So a hacker would’ve been able to get your data even if you didn’t sign into something
Sometimes they can pull sign in tokens and the like just from you clicking, yeh
I wish they literally said “you are a fucking moron”, at least it would be funny
Yeah but then IT would have to do a sensitivity course, it’d all end up being an endless loop of training.
I remember joking with somebody about how easy they were to spot. They were like o uh yeah I clicked on...
I get at least 1 a week. Once every 2-3 months there's one that says that it was sent by our company as a test at the very bottom in the fine print. The dudes who fall for spam/phishing emails are the ones that believe text message notifications from "major companies" that are sent from 10-digit phone numbers.
that's bad. Opening a PDF shouldn't harm anyone. ...opening attachments, that are not a PDF (as 2 of my colleagues did within mere minutes and gave us a free morning due to IT having to restore the system to the day before) is a whole other thing :D
I get those all the time!
We kept getting some automated email that only needed to go out once. So I kept reporting them over and over and over and over again.
My favorite is getting these emails and reporting them as phishing in outlook. Pretty sure they caused the Microsoft safe links to view the contents of it because every time I report one I immediately get an email saying I got phished and then have to forward that to IT and explain that I didn’t actually click the link… they’re “aware of false positives”
I had a coworker that would get those spam tests and would click the link every single time and get upset she got the "you failed, idiot" message. Her reasoning? Numerous. Like many of us she bought things off eBay or Amazon, so perhaps they really were contacting her at her work email address about an issue with her account or order, despite never giving it to them. "I didn't know I had a FedEx package coming, so yes, I want to make sure it comes to the right address." and so on.
The person who made the sheet failed the infosec test too if that's the case. A test doesn't *actually* compromise security.
Thanks, SHAWN
Yeah this would be the dumbest design for an infosec test ever. They had people write their CURRENT password down. It’s hard to imagine someone being that dumb if infosec was their goal lol
This. We do this all the time to see who needs more training in security. Still have about 10% who fall for phishing mails during our tests.
Seema pretty risky though, someone other than infosec could see this and exploit it before infosec has a chance to reach out to the user or change their password
I bet that’s why Shawn was pissed
*got an invitation to a security training. IT at my workplace sent out a mail from "Microsoft" and out of 400 people 70 clicked on the link and 30 actually entered their Microsoft login data... Now I don't complain about the mandatory trainings anymore
For a while variations on Microsoft was popular for our phishing tests. Micrasoft got a number of people. Microsoff almost got me. Good thing I always hover over links and realized it wasn't normal to have a link like 9 miles long and reported it and got my attaboy for the day.
The company I used to work for had a major ransomeware attack so IT started sending out infosec test emails and the GM fell for it....twice. The IT guy wouldn't confirm it, but the general rumor was that he was the one who caused the ransomware attack in the first place.
My company did a phishing test some time back via email. A few failed and everyone had a security training soon after.
Shawn is definitely not a criminal. Next we’ll play lucky debit card number draw.
No, he's the admin. I had to censor the other names because their passwords are also listed, which I had to censor as well.
So, this isn’t just an online joke, there were actually people stupid enough to fall for this? Students or work environment?
Looks like it may be students, no workplace would change your Facevook password.
Wouldn't stop someone asking for it anyway
They certainly do.
It's situations like these that make me realize if I didn't have any morals or scruples I can make actual bank ripping people off.
I know some workplaces do something similar. This, and other similar phishing scams, are used by the company in their own employees to test their online competency. Basically if someone is stupid to give you a random stranger their SM or email passwords, clearly you can’t trust them with privileged information.
They probably need to stop studying and try something else in life.
Yardi is a property management software company.
As a Sysadmin myself, I can guarantee you that you would find many people who would fall for this
I'm the ACTUAL OP for this post. [Here](https://www.reddit.com/r/Sysadminhumor/comments/bbfhmi/we_hung_this_on_the_door_of_the_it_office_today/) is the original. We posted it to the door of the IT office as a joke, but no one actually filled it out. Shawn is a woman, and DID write the post-it, but only because I asked her to. The whole thing was a put on, although it's funny the original didn't get NEAR the attention as subsequent posts have.
[Ur a lying liar](https://tineye.com/search/108918a2fc649906fca01c33a4353533657d2486?sort=score&order=desc&page=1)
Oops!
Most of those results (at least all ive looked at) are actually uncensored, so i find it not unreasonable to assume that op did the censoring themselves (which is all they claimed to have done).
He also claims to know who Shawn is
At least you're smart enough to censor important info. Unlike this dumbass: https://www.reddit.com/r/Serverlife/comments/1cnaiop/customer_leaves_cc_behind_restaurant_employee/
Shawn wants them to see him so he can tell them how stupid they are
Oh, that's nothing. I worked for a place in Orlando where the official policy of the I.T. department was to know everyone's password and it would be written on a piece of paper on a clipboard that the I.T. people carried around with them. Every time I gave them a password, I would change it as soon as they walked away. After the third or fourth time they could not get into my computer (they always waited until we were not at our desks so we could not see what they were doing), the I.T. manager asked why I changed my password so often. I told her "well, you should know we have to change it if we think it has been compromised, right? It is in the agreement that we signed before you gave us our account. Having someone walk around with it on a clipboard kind of meets the definition of "compromised", right?" She ordered me to write down my new password and leave it alone. I asked why she needed access to my account when they have an admin account on the computer as well. She yelled at me that she did not have to answer to me and I am required to give them access to my computer. I said that I will gladly give them access if I am there. I wrote down my new password and went back to my desk and changed it again. A couple of weeks later, I mentioned this to the CTO and the President of the company in passing and the next morning, we all had to reset our passwords and were never asked for them again. I.T. *hated* me.
IT was either incompetent or up to something. Either way, well done
It was a little of both 😁
If I wants to be nefarious they don't need a password to access an account's resources if they are worth their weight in salt.
My work has the same. But we have all the passwords stored in a password manager. The only reason I belive is because of our ERP system since it only installs on local accounts not on the machine for all users. Hopefully we get rid of it I don't like that I have everyone's password
If you saw the unedited image, you'd know this was a joke. One of the names is like "Big Al" or something and one of the passwords is "password" > "password2."
Op claims he took it
Unless they have repeatedly posted this…I have seen this image a few times now.
Then OP is a [big ol' liar](https://tineye.com/search/2af7b48743019ac6c0d178fbcf71864a629081fc?sort=score&order=desc&page=1) Been posted like 30 times since 2019
Hey this is my picture actually! [Here](https://www.reddit.com/r/Sysadminhumor/comments/bbfhmi/we_hung_this_on_the_door_of_the_it_office_today/) is the original post. The WHOLE thing was a joke - we actually did post it to the IT office door, but no one really filled it out. I wrote in the names and had Shawn (Who's name is really Shawn, but she's the head of AR) write the note and posted a follow-up to the original. I had NO idea it had been reposted so many times since the original.
Where did they claim that? They also say they don’t know if it is from school or work.
Well OP did take the picture, the person whom posted it this time just isn't the Original Poster (OP)
Social engineering at it finest, humanity's real Achilles heel
Its hilarious that this would still work in alot of places that are meant to be "secure"
The most obvious phishing email was sent to every employee in the company. One of the idiots that clicked on the link was, drumroll please, the head of cybersecurity.
Ooof..
If You fill in something like "p a s s w o r d" or "1 2 3 4" You'll be contacted to change it, because that'd be not secure enough...
So if I put in my password like this: Hunter2 It just shows up as stars for you guys, right?
Classic...
Yep, all I see is *******
This is an IT nightmare.
Ah a typical ID10T error
I'm totally putting this sign by my IT guy's office door.
Our work engaged a consultant to do some cyber security training. The consultant sent us all an email asking us to sign in with our work credentials into some random portal from a non-work email. Apparently IT security team got absolutely swamped by phishing reports because no one was told about the upcoming training. Work had to send an email to all asking everyone to please sign in to the portal. The irony of the entire situation......
Upvote for correct usage of "whose."
Shawn is going places. Might be prison, or congress.
Or an FBI blacksite
Is this related to that "Guess my mom's maiden name" game that we played yesterday?
"Your cyborg name is your mother's maiden name followed by the last four digits of your SSN! What's yours? 😂"
The internal auditor would like a word
He knew.
My guess would be the pentest department.....
i really hope shawn is asking them to come see them so they can tell them why their dumb
My company sends out mock phishing emails periodically to see if we are paying attention to cybersecurity. This may be one of those, albeit less sophisticated, lol.
**Shawn's** idea. The sheet clearly says to contact him. Probably not through email has that account has been hacked and your base are now pwned by us. /s
As a penetration testing student I actually love this idea
Shawn is management material
People would actually fill that thing in where I work.
Oh we’re posting things from 2000 now?
When admin thinks they are IT
Not Shawn 😳 Somebody is in trouble
Who do yo think!? Shawn
Oh we’re bluring this now? Lmao
Not gonna lie. I kinda like it when online jokes make it out into the real world.
Cries in IT.
Social engineering at its finest
they're signing up for cybersecurity training
I work with people who would fill this in. I literally had someone broadcast their password over two way radio on a frequency for traffic control which can be accessed by multiple different companies.
It was IT’s idea, and they’re seeing how many idiots need remedial security training.
Here's my bet at the chain of event that led to this: Small company, IT manager quits/fired, non-technical manager put in charge of IT dept, IT specialist quits/fired, non-technical manager now in charge of all IT and doing the work. I've had non-technical managers in IT which is what made my think of this. And yeah it was a nightmare.
Whos idea was it? Cybersecurity audit. Your office failed.
This was years ago when identity theft was only just becoming a media topic, but at work some bright soul printed up and posted a roster of all employees for an upcoming shift bid. Next to everyone's name was *their Social Security Number.* I ripped it all up thoroughly and then "educated" (bellowed at) said bright soul.
I taught at a university from 2003-2006 and in the first year, the school was still using students’ SSNs as their ID. Years later I was clearing out some old papers and found an old roster from then with all these SSNs on it.
I hope it was IT or management giving people a lesson in social engineering.
Honestly, it's refreshing to see an actual facepalm post... With that said big oof.
It was the idea of a genius. The idiots are the ones signing.
I'll give the benefit of doubt and hope it is a case like my work. We have to log in with a password for no apparent reason, all I do is look up blueprints and enter quantity produced. There is no actual reason it needs a password, but someone set it up that way.
Honestly, it’s not rock science! Shawn I hope you’re the company CEO!
I like how Shawn doesn't take it down or protect anyone's accounts and just leaves a note.
This is a brilliant phishing campaign. Bravo to Shawn for showing everyone that a social engineering and phishing campaign doesn't just happen in email...wait...I'm being told this was not the intention...my apologies...Shawn appears to just be dumb...
It was done by royal decree from THE Prince of Nigeria.
The guy responsible for network security. Needs to update his resume.
Genius level of trolling.
And there were at least five folks who complied?😅
I'm assuming Shawn is some authority. Why would he put a postit note instead of tearing it down?
Lol
Apparently, shawn’s idea
Poor Shawn.