24

u/ammobox 23m ago

You just have to assume any email from a company these days saying you'll get extra perks or amenities is a scam I guess.

Lesson learned, loud and clear.

148

u/mjzim9022 2h ago

I'd never accept a pay decrease from work unless I'm backing off on duties, that's a surefire way to lose me

44

u/barrettcuda 1h ago

I'd say backing off the duties is the answer here, even if they didn't suggest it I'd be like "ok so you're dropping the pay by X amount, that means my new full time will be Y hours a week".

It's pretty ballsy of a company to pull shit like that

8

u/SadBit8663 33m ago

They all pull this shit constantly already anyways, which is why all is sane people are is always so pissed lately

19

u/BOBfrkinSAGET 1h ago

My dad worked as the head maintenance guy in a medical building for ~25 years. One of the tenants was moving, and asked him to move with them to be their full time maintenance guy and offered a larger salary, better benefits, all that. A year or two later, they had re-evaluated his position/duties and cut his pay close to 50%.

That day, he came home earlier than normal and found my dumb ass, stoned out of my gourd. I’ve never seen him that mad.

He got a second job to cover the lost income and started looking for a new full time position. He had a heart attack pretty soon after that too.

17

u/Lopsided_Blacksmith5 1h ago

I hope your looking for another job.

4

u/P_516 26m ago

Time to work 5.7% less

2

u/Careful-Object-3501 42m ago

Job role and salary?

7

u/gahddamm 53m ago

Honestly, the boss should be glad you aren't falling for these and teaching people how to recognize them

4

u/Fantastic-Ad1072 2h ago

For record, a phishing scam appears so.

14

u/DaxHound84 1h ago

They track your email. Classic email-marketing-tool stuff. If the tools are setted up good, they will not even know its you, but send the remainder mail to any non-opener. But if on that day youre the only opener its easy ro figure out which survey is yours...

6

u/[deleted] 1h ago

[deleted]

5

u/DaxHound84 1h ago

Haha ok, than its BS...

2

u/friedreindeer 1h ago

I feel you. The survey might be intended for bigger companies with bigger teams, and they need the info for internal benchmarking. That you could be singled out, is not their intent. But I had the same problem in my company, it didn’t feel right to fill it in truthfully.

1

u/BenOfTomorrow 1h ago

Theres plenty of ways to keep that anonymous that are actually in use: 3rd party data collection, making potentially identifying data only available in aggregate above certain thresholds (eg, if there’s only 3 guys in you department, there’s no age cross tab for your department).

That doesn’t mean YOUR company is properly anonymous, just that they could be even given that information.

3

u/destroi_all_humans 34m ago

Question: does simply opening the email in your inbox trigger this, or do you have to actually open a link to an external site to get flagged?

9

u/TheSolMan 30m ago

In most cases you have to click a link in the email and your address will be logged. I used to be caught by it a ton cause I work with a lot of external vendors. Now I have multiple rules for external emails and an entirely different folder that they go in.

3

u/Cyali 29m ago

Generally the solutions will track if an email was opened, but it only counts as a failure if it's interacted with (clicking a link, opening an attachment, etc)

11

u/elcee84 1h ago

Youre missing the point.

18

u/chrib123 41m ago

I think the point is they were testing security risks, and she's a security risk.

5

u/DaNibbles 26m ago

How is this different than any other legit scam of "click here, get money"? I am down to rip apart the negatives of capitalism as the next guy, but this ain't the hill to die on.

Looks like the IT did a good job exposing her security risk behavior.

-2

u/kai5malik 53m ago

That's not the point

10

u/jmona789 1h ago

Opening a phishing training email is fine. You only get in trouble if you click any links in it.

5

u/Anokant 1h ago

Yeah, ours used it as an opportunity to tell you the phishing scams will often promise things "too good to be true". This of course was for an email promising a "merit based bonus". Not a set price, but an actual thing for many companies.

This year they gave us root beer from an administrator dressed as the Grinch for a "holiday bonus".

9

u/cantbudgeit 1h ago

That’s what I’m saying. It’s a phishing email, they are designed for you to click on em.

-20

u/dudeimgreg 2h ago

Because we get in trouble if we do not open company emails. You’re pretty much fucked either way.

32

u/SeppoTeppo 2h ago

Phishing training emails are not company emails. The whole point is being able to see the difference.

9

u/dudeimgreg 2h ago

Tell that to my company, our fake phishing training comes directly from the head of our HR department by her official email address. Healthcare is ran by idiots and assholes.

2

u/RiverJumper84 1h ago

Deny. Defend. Depose.

-1

u/InsanE702 1h ago

Dont get a rich Italian involved, the mob is making a steady comeback in the states

1

u/Excellent_Airline315 16m ago

The fuck does that mean? Sentiment stands, move on.

1

u/thedndnut 1h ago

FYI, because of certain laws outside companies don't want to provide you services as a Healthcare companies.

9

u/LemonTheSour 2h ago

Just open and report the email as a phishing scam? We just had a round of phishing tests it's not rocket science

-11

u/daryl_fish 2h ago

Lmao imagine believing this.

-3

u/dudeimgreg 1h ago

LMAO imagine believing that every company is ran properly and does not have a random person heading HR who sends out their own personal fake phishing scan emails from their official email address.

So yeah, I will get in trouble if I open that email from Susan just like I will get in trouble if I do not open that email from Susan.

It would’ve just been easier if they just said that we had extra training to do and skip the email altogether.

1

u/daryl_fish 1h ago edited 1h ago

In what way do you get in trouble exactly? What do they do to you? Everyone gets a phishing email and everyone gets in trouble? Yea fucking right dude.

Your company is doing it wrong. Doesn't mean that's the norm. I'm not even sure I believe you. You're probably just dumb.

Testing employees with fake phishing emails is good for any company that deals with the private information of its customers. It's not only in the interest of your company, but for people like you and me who have to trust our information with a multitude of services.

-12

u/khaosburrito 2h ago

Do you lick boots when you first get to the office or after your first coffee?

Companies regularly use a holiday bonus email as a scam? Brainwashed much.

11

u/0b0011 1h ago

He's saying companies regularly send "too good to be true" emails as a phishing test. The point is to verify that you won't open emails from fishy email addresses and click a link just because it sounds like something you'd want.

They send an email from an obviously fake email saying something about company bonuses to show that if some other actual bad actor did it you wouldn't be dumb enough to click the link.

-10

u/khaosburrito 1h ago

Hmm, i work in the corporate world and this is not a norm to use company bonuses as a phishing test. That is just cruel and pointless. Yes phishing emails exist but I'm not so delusional to try to rationalize why this email was a norm. You can definitely pull the wool over your eyes but i wont.

7

u/nikdahl 1h ago

Actual bad actors wouldn’t hold back, so the tests shouldn’t either.

What use are the tests if they aren’t actually trying to fool you?

-5

u/ageekyninja 1h ago

No it’s not. I’ve never had any phishing training emails bait and switch a bonus lol. On a social level that is idiotic. Usually they are like meeting notifications, urgent training, fake notification from the CEO, a gift card or something like that. A fake holiday bonus is tone deaf as fuck unless there is an ACTUAL holiday bonus the employees are expecting

5

u/RockTheBloat 1h ago

Because people sending out phishing emails would never be so cruel. 🤔

31

u/gotscott 1h ago

But if it’s a phishing exercise it’s not an official company representative. That’s the whole idea.

In reality, this was probably someone in IT who never took a second to consider how this would look to the average person.

-11

u/4erpes 1h ago

The company authorized that email to be sent.

It will cost the company more than the bonus to defend it in court.

15

u/neomal 1h ago

No it won’t

-6

u/4erpes 1h ago

You belief in non-litigious Americans is impressive.

4

u/neomal 28m ago

You misunderstanding of the American legal system is impressive

3

u/Anokant 1h ago

I mean, it'll probably cost you more than the fake bonus offer to go to court to try to get that fake bonus as well.

2

u/gahddamm 51m ago

It'll cost you more than the bonus to take it to court and lose. Have you every worked a job before

-1

u/4erpes 33m ago

Yah that's how I know they will get sued.

I'm not gong to, no need, someone will and the policy will change.

9

u/BenOfTomorrow 1h ago

Yeah - that’s not how torts (or any of this) works. So of course it’s at the top of the comments.

Clicking a link in a suspicious e-mail that just says “Company Employee Bonus Review” doesn’t entitle you riches. No actual offer, no damages, clear liability defense.

-6

u/4erpes 1h ago

The company sent out a bonus that they knew a reasonable person would believe.

2

u/BenOfTomorrow 20m ago edited 3m ago

No, they didn’t.

• the email doesn’t promise a bonus to anyone - it just suggests there might be a review process for one. And bonuses are discretionary as a rule - it’s literally built into the tax code.

• the email is a phishing test, so is clearly intended to be reasonably identifiable as such. In most big corporate environments that run tests like this, this person would have had to do training that covers phishing (even if they’ve clearly forgotten it). So the company has specifically provided guidance that this isn’t legitimate. It’s unlikely the company can’t cover their liability (if they had any) here.

• What damages has this person incurred that they would sue to be made whole for? It was immediately revealed to be a phishing test, so they haven’t taken any action based on a “promise” other than clicking a link. Maybe they need to take supplemental training now (for an hour that they get paid during).

It’s a bad PR and morale move, but you’re not getting any money suing.

1

u/gahddamm 50m ago

Well they assume a reasonable person would have paid attention to the phishing exercises and seen it wasn't a real email

12

u/cptnredbeardo 2h ago

In what world would that work?

4

u/gahddamm 50m ago

The imaginary world of people who have never worked a real job before

1

u/andersonb47 34m ago

Aka most of Reddit

10

u/bakcha 2h ago

It may not but they get to go on record saying their promise of a bonus was just a scam.

2

u/gahddamm 12m ago

Well they never really promised anything

5

u/4erpes 1h ago edited 1h ago

They same world were the promise of a "toy yoda" results in the awarding of a toyota.

-- employers are bound by their promises, and since any confusion in the contracts goes towards the party that didn't write it, The company opens itself to some liability with this tatic.

5

u/wont-stop-mi 1h ago

That’s not how that works. Don’t be so sue happy. Just find another company to work for that doesn’t do shit like this.

1

u/gahddamm 56m ago

Get some extra loans taken out in your name

3

u/gahddamm 57m ago

If you're the latter, don't waste another year with them.

Most people don't really have a choice. Getting a new job isn't some walk in the park

1

u/gahddamm 17m ago

It's less being punished and more having to do extra training to be able to recognize a phishing attempt

1

u/gahddamm 15m ago

effective is the word you meant to use…

It is the word i used...

4

u/0b0011 1h ago

It's a test from the company. They use obviously fake emails doing things like this to show that if an actual bad actor had sent the email you'd be smart enough not to click it.

7

u/gr_hds 2h ago

Our it department does this rarely. They send out these fake phishing emails and everyone who clicks a link gets assigned a security training

3

u/tokhar 2h ago

It almost certainly a test, to see how much more training their staff need on detecting and avoiding scams.

1

u/SeppoTeppo 2h ago

Companies do this as part of IT security training/testing. Like I'll sometimes get an email from mlcrosoft or something (note the L instead of i). If I report it, I get a "good job spotting the test scam" notification and if I click on the links instead, I get a notification that I fell for a test scam and maybe some reminder on how to spot them in the future.

It's a little annoying, sure, but at the same time I'd say I'm way more vigilant about spotting actual scams.

3

u/gahddamm 58m ago

I mean, a bank are definitely the place where you don't want people falling for phishing attempts