April 15, 2022

From Gerald R. Lucas

Speaking of Email covid-19: day 748 | US: GA | info | act

Apparently, phishing is rampant at the university. We have compulsory, annual “cybersecurity” training, and these days we’ve gotten a lot of phishing emails. These are usually pretty obvious: bad English, typos, weird email addresses, and always the dead-giveaway: the fishy URLs. If the rest of the message wasn’t a clue, hovering over a URL to see where it goes will always expose a phishing attempt.

Also, external emails have started being labeled with the following banner:


I guess this is a common corporate practice, albeit annoying, as I am adept at spotting phishing. Lately, the university has started sending out tests, like this one.


Notice, this email, though it comes form an outside email address, does not have the warning banner. It looks official and is even written in an adept corporatese. Hovering over any of the links gives it away. No problem: phishing. Well, when moving the cursor off of the link in Windoze, the link activated, so I look as if I’ve been fooled. I immediately get an email telling me so, and I’m automatically signed up for remedial training because I’m obviously an idiot, right?

Needless to say, this is some inconvenient bullshit. I guess their reasoning goes something like: Hey, it’s near the end of the term when faculty are the most busy—let’s entrap them into doing remedial cybersecurity training. Yeah, it’s a perfect time.

So now I have to worry about phishing from my own university. Great. To celebrate, I’m creating a new 💩 category.