this post was submitted on 23 Oct 2025
1168 points (99.4% liked)

Programmer Humor

27477 readers
1603 users here now

Welcome to Programmer Humor!

This is a place where you can post jokes, memes, humor, etc. related to programming!

For sharing awful code theres also Programming Horror.

Rules

founded 2 years ago
MODERATORS
Feyter@programming.dev
anzo@programming.dev
BurningTurtle@programming.dev
pylapp@programming.dev
1168
Free iphone (piefed.europe.pub)
submitted 1 month ago by tfm@piefed.europe.pub to c/programmer_humor@programming.dev
77 comments fedilink hide all child comments
 
you are viewing a single comment's thread
view the rest of the comments
[–] tiramichu@sh.itjust.works 178 points 1 month ago (7 children)

A previous (huge) company of mine sent out a lot of phishing test emails, some of which were pretty convincing.

As developers, we quickly discovered that all the emails had a metadata header in them which identified them as a phishing test, so we set up a filter for it so every email since is clearly coded with a bright red "Phishing test!" label.

[–] toynbee@lemmy.world 77 points 1 month ago (2 children)

... You must be one of my co-workers. Except that we just delete ours rather than labeling them.

[–] tiramichu@sh.itjust.works 85 points 1 month ago* (last edited 1 month ago) (1 children)

We needed to label them because the requirement was not only that we don't click them, but that we use the "report phishing" function on them.

Also some of them were pretty funny.

[–] ViatorOmnium@piefed.social 9 points 1 month ago (2 children)

Was it hoxhunt? It's a bit spammy but they seem to push for a more gamefied approach over collective punishment.

[–] tiramichu@sh.itjust.works 19 points 1 month ago

Not in my case, no. The content was completely custom to the organisation. I assume they were big enough that they felt like a lot of the risk would come from coordinated spearphishing carefully crafted to look like genuine corp email.

[–] Aviandelight@mander.xyz 4 points 1 month ago

I fucking hate hoxhunt. Just let me send shit to the junk folder and ignore it.

[–] ook@discuss.tchncs.de 4 points 1 month ago (1 children)

Aren't you supposed to report them though

[–] toynbee@lemmy.world 3 points 1 month ago

In my case, the phishing tests originated with the organization that owns my employer, rather than within my employer itself. Our email states are entirely distinct so, while we can report the emails, no one would ever care.

[–] affenlehrer@feddit.org 14 points 1 month ago (1 children)

X-Phish

[–] lessthanluigi@lemmy.sdf.org 2 points 1 month ago

My favorite band from 1999

[–] Dave@lemmy.nz 13 points 1 month ago

Where I work they use the microsoft phishing simulation, for which they publish a list of domains they send from.

[–] slazer2au@lemmy.world 8 points 1 month ago

I have the same thing. All the emails come from nova.phishme.com so I have outlook set to mark them as junk so I can "report" the phishing attempt.

[–] dennisnedry@feddit.nu 5 points 1 month ago

Thanks for the tip!

[–] brbposting@sh.itjust.works 2 points 1 month ago* (last edited 1 month ago)

Assuming that’s disabled -

experienced folks can get caught (e.g. maybe waking up before dawn or something)

Can be a good reminder, a little humbling!

[–] Honytawk@feddit.nl 2 points 1 month ago (1 children)

Did it also label real phishing mails?

Because those tests are send out for a reason. And in my experience, developers are some of the worst at cybersecurity.

[–] theolodis@feddit.org 1 points 1 month ago

Honestly, I don't click on anything in Emails. If it is important, somebody will write me in Teams/Slack, and otherwise I just acknowledge and ignore.