Don't Fall for the Bait! That Email Might be a Test!

Today's blog moves beyond job seeking to job keeping. Hey, if we can prevent anyone from having to look for work, then we are all the more satisfied, especially when it comes to helping people change work habits that can be risky to their job security.

What struck this chord was a recent article in the Washington Post about how employers may, and rightfully so, be doing a little phishing for the sake of network security. In the workplace, phishing could work like this: John Doe gets an email from an unknown source. He opens it, and wow, some legitimate-sounding company or person has singled him out to receive a $50 restaurant certificate, or even better, a free digital camera or laptop. "Wow!"  John the Innocent thinks, "I'll just fill out this form they require in order to receive my reward, and on Friday I'll take Betsy and the kids out to dinner...for free!" The problem with responding to the email is worse than the fact that you'll never get the gizmo or gift certificate, it's that the information you are required to provide to claim the purported reward could be deadly to your company's network. The end result is like inviting pirates to a board meeting.

To figure out which employees pose the greatest security risks, companies have started spamming their own employees with bogus, phishy emails. They want to know who is taking the bait. In a recent phishing operation, one employer found that 30 of 100 employees fell for the ruse.

Most employers quoted in the article said they aren't firing people for responding to spam, but they do follow up with training on network security. So, herewith is yet another compelling reason to leave those tantalizing offers alone. If a security breach does not lead to dismissal, it stands to reason it might not be a feather in your cap when the opportunity for advancement comes along.

back to June blog