Corey Quinn · Jun 3, 2022 · 2:02 PM UTC

Corey Quinn

Corey Quinn @QuinnyPig

3 Jun 2022

Corporate Infosec sends a phishing test email, I click, and somehow I'm the asshole because "[I] failed the test; had this been real it would have destroyed the company network"? If me clicking can destroy the network, I'm not the one in this conversation who sucks at their job.

123

775

132

4,755

🦣 @dalias@hachyderm.io 🦣 · Jun 4, 2022 · 2:04 AM UTC

🦣 @dalias@hachyderm.io 🦣 @RichFelker

4 Jun 2022

But they didn't even get phished! Clicking the link is not "getting phished". It's how you check it out to see if it's legitimate. Getting phished is specifically *entering credentials or private information* on the site afterwards. This is a hill to die on.

127

Kaylex · Jun 4, 2022 · 11:39 PM UTC

Kaylex @kaylexdeer

4 Jun 2022

There can be compromises in sites, browsers etc, clicking a suspicious link is always a bad idea. If you don’t know if it’s legit, what will it hurt if you *DON’T* click it. Just ignore it

Stefan Tilkov · Jun 5, 2022 · 7:37 AM UTC

Stefan Tilkov · Jun 5, 2022 · 7:37 AM UTC

Stefan Tilkov @stilkov

5 Jun 2022

Replying to @kaylexdeer @RichFelker @ArchieAntlers @SchmiegSophie @QuinnyPig

Pretty much every link is suspicious, so that’s not a strategy that can work unless you stop using the Internet

Jun 5, 2022 · 7:37 AM UTC

Kaylex · Jun 7, 2022 · 8:36 PM UTC

Kaylex @kaylexdeer

7 Jun 2022

Replying to @stilkov @RichFelker @ArchieAntlers @SchmiegSophie @QuinnyPig

Not every link is suspicious lmfao. Use context clues, and if you don’t know for sure you can literally find out in a plethora of other ways if something is real; call the vendor/person, go to the service’s portal. You don’t have to stop using the internet. Just use it smarter.