this post was submitted on 01 Jun 2026

615 points (99.0% liked)

Comic Strips

23932 readers

1961 users here now

Comic Strips is a community for those who love comic stories.

Rules

😇 Be Nice!
- Treat others with respect and dignity. Friendly banter is okay, as long as it is mutual; keyword: friendly.
🏘️ Community Standards
- Comics should be a full story, from start to finish, in one post.
- Posts should be safe and enjoyable by the majority of community members, both here on lemmy.world and other instances.
- Any comic that would qualify as raunchy, lewd, or otherwise draw unwanted attention by nosy coworkers, spouses, or family members should be tagged as NSFW.
- Moderators have final say on what and what does not qualify as appropriate. Use common sense, and if need be, err on the side of caution.
🧬 Keep it Real
- Comics should be made and posted by real human beans, not by automated means like bots or AI. This is not the community for that sort of thing.
📽️ Credit Where Credit is Due
- Comics should include the original attribution to the artist(s) involved, and be unmodified. Bonus points if you include a link back to their website. When in doubt, use a reverse image search to try to find the original version. Repeat offenders will have their posts removed, be temporarily banned from posting, or if all else fails, be permanently banned from posting.
- Attributions include, but are not limited to, watermarks, links, or other text or imagery that artists add to their comics to use for identification purposes. If you find a comic without any such markings, it would be a good idea to see if you can find an original version. If one cannot be found, say so and ask the community for help!
📋 Post Formatting
- Post an image, gallery, or link to a specific comic hosted on another site; e.g., the author's website.
- Meta posts about the community should be tagged with [Meta] either at the beginning or the end of the post title.
- When linking to a comic hosted on another site, ensure the link is to the comic itself and not just to the website; e.g.,
  ✅ Correct: https://xkcd.com/386/
  ❌ Incorrect: https://xkcd.com/
📬 Post Frequency/SPAM
- Each user (regardless of instance) may post up to five (5 🖐) comics a day. This can be any combination of personal comics you have written yourself, or other author's comics. Any comics exceeding five (5 🖐) will be removed.
🏴‍☠️ Internationalization (i18n)
- Non-English posts are welcome. Please tag the post title with the original language, and include an English translation in the body of the post; e.g.,
  Sí, por favor [Spanish/Español]
🍿 Moderation
- We are human, just like most everybody else on Lemmy. If you feel a moderation decision was made in error, you are welcome to reach out to anybody on the moderation team for clarification. Keep in mind that moderation decisions may be final.
- When reporting posts and/or comments, quote which rule is being broken, and why you feel it broke the rules.

Banned Artists

The following artists are banned from the community.

Jago
Stonetoss

It should be noted that when you make reports, it is your responsibility to provide rational reasoning why something should be removed. Saying it simply breaks community rules is not always good enough.

Web Accessibility

Note: This is not a rule, but a helpful suggestion.

When posting images, you should strive to add alt-text for screen readers to use to describe the image you're posting:

Markdown - Links / Images

Another helpful thing to do is to provide a transcription of the text in your images, as well as brief descriptions of what's going on. (example)

Web of Links

!linuxmemes@lemmy.world: "I use Arch btw"
!memes@lemmy.world: memes (you don't say!)

founded 2 years ago

MODERATORS

dohpaz42@lemmy.world

TheTechnician27@lemmy.world

Harvey656@lemmy.world

slazer2au@lemmy.world

otter@lemmy.ca

cannedtuna@lemmy.world

18107@aussie.zone

otter@lemmy.world

615

Acceptable Use Pawlicy [TrueNuff] (lemmy.world)

submitted 2 days ago* (last edited 2 days ago) by cannedtuna@lemmy.world to c/comicstrips@lemmy.world

43 comments fedilink hide all child comments

Transcript

Panel 1: [Coworker in a red tie with dark hair leans into the cubicle of IT who is busy on a computer, a key card or ID hangs around his neck]

Coworker: I clicked an email link and it says I need training?

Panel 2: [IT stops working and looks irritated]

IT: Ah yes. The Training.

Panel 3: [IT sprays the coworker with a spray bottle]

FSHSSSH

IT: BAD! THAT WAS BAD!

Panel 4: [IT continues spraying the coworker, now crouching down hands raised defensively as the water is sprayed in his face. IT ha a look of glee on his face as another coworker walks by with a look of concern on her face, papers in hand.]

FSHSSSH

Coworker: HISSS!

Alt Text

The next training module unlocks after three hisses

Source

top 43 comments

sorted by: hot top controversial new old

[–] MrShankles@reddthat.com 1 points 8 hours ago* (last edited 8 hours ago)

Message Details
xxxx.ThreatSim. org (or something similar)
Report Phishing
Thank you for detecting this phish sim and keeping us safe

A decade with 100% accuracy, and I still haven't gotten a prize. Worst game ever

[–] valtia@lemmy.world 3 points 12 hours ago

I failed an internal phishing test one time, the first time I've been on the receiving end of the tests instead of the one making it up and sending it out

Anyway, I was still new at the company so I wasn't sure of all the usual domains and processes they have. During an all-hands meeting, the CEO mentioned that we will be receiving our bonuses soon and to make sure to adjust your settings if you want to avoid it all going into your 401k or something. A week later, I get an email saying that I need to adjust my payroll settings for the upcoming bonus. Turns out, it was a phishing test. Jokes on me, the real email to adjust those settings came 4 months later.

[–] mech@feddit.org 39 points 2 days ago* (last edited 1 day ago) (1 children)

Someone at my company clicked on a phishing link and actually entered their AD login password when asked.
We nuked his account and recreated it using p.lastname instead of the usual peter.lastname as username.

We told the C-Suite this is necessary as the former e-mail address is now known to attackers as a potential mark. But internally, the senior admin called it "Learning through pain".

Later found out his colleagues called him Pee-Dot behind his back for a while.

[–] HeyThisIsntTheYMCA@lemmy.world 2 points 20 hours ago

MY NICKNAME HAS NOTHING TO DO WITH WHIZZING MY PANTS

honestly i'd lean into it if my coworkers started calling me Pee-Dot. That's hella funny.

[–] Folstar@lemmus.org 8 points 1 day ago (1 children)

IT the next day "We spent an absurd amount of money on a new 3rd party service without telling anyone and for some reason nobody is opening the emails that company sent to our employees. Are they stupid or something?".

[–] bingrazer@lemmy.world 2 points 12 hours ago

We had a mandatory training earlier this year (the typical "don't harass your coworkers stuff"), but the account they sent the link from was a a 32 character string of random letters and numbers followed by a domain I didn't recognize. I reported it as phishing since none of the links led to the company's domain. I got in trouble about a month later because the deadline had passed and I hadn't taken the training.

[–] ComfortableRaspberry@feddit.org 30 points 2 days ago (2 children)

The only phishing mails I receive are phishing tests from within the company..

[–] affenlehrer@feddit.org 11 points 2 days ago (2 children)

Yes, you can identify them by the X-Phish header. I hope real phishing mails have it too

[–] ComfortableRaspberry@feddit.org 9 points 2 days ago* (last edited 2 days ago) (3 children)

My rule of thumb is: if it's something nice for me, it's not real (more money, goodies, more vacation days, ...) and it worked pretty good so far. There was only one fake cyber security training invitation which kind of felt like not the most constructive idea..

[–] affenlehrer@feddit.org 13 points 2 days ago (1 children)

Yeah, also urgency is a big red flag for me. Almost all phishing messages are like "log in immediately or something bad happens"

[–] boonhet@sopuli.xyz 1 points 3 hours ago

Friend got "log into your bank account in 15 minutes to prevent deletion due to inactivity" on their work email for a bank the company doesn't even use lol

[–] mlg@lemmy.world 6 points 2 days ago

tbf I got one that was trying to warn me of incorrect tax info which needs to be resolved only a month after I started lol.

Wasn't gonna click the link but I did do a double take because they formed it really well like a proper spear phish email would.

Of course my job at some point involved memeing with gophish templates so I don't think they'll ever get me, especially when I'm using a proper client that lets me immediately swap to HTML and see the blocked image tracker tag lol.

[–] drolex@sopuli.xyz 3 points 2 days ago

Something good happens to me -> wait a minute, this is a trap!

Something bad happens to me -> all according to plan

Words to live by.

[–] slazer2au@lemmy.world 3 points 2 days ago

If phish.me or kn4b are in the header I assume it's spam and I have rules in every email account to scrap them to a special folder so I can report them to give the false positive that I identified the test.

[–] rustydrd@sh.itjust.works 6 points 1 day ago* (last edited 1 day ago) (1 children)

I recently had one that was like "Due to recent events, we feel it necessary to remind everyone about the regulations in the Code of Conduct about accepting gifts from clients. Please read the CoC if you have not done so and confirm you have read it via this link. Signed HR". The link was fake, and the sender address was, too. It was a good fake though, because we actually do have a CoC and have to read/confirm about once a year. So I'm pretty sure it was a test to select people for training.

[–] mech@feddit.org 5 points 1 day ago

That's a badly designed test though, from a psychological standpoint.
Lots of people reading it will subconsciously remember "oh, someone in this company receives and accepts expensive gifts from clients". And then wonder who it might be.
It's bad for morale.

[–] kibblebits@quokk.au 44 points 2 days ago (4 children)

We did that at a former workplace. Everyone failed.

[–] FuglyDuck@lemmy.world 42 points 2 days ago (3 children)

They do that here routinely. The last time they sent it using the email account that is basically the one email that you do not ignore because they use it for urgent “please push the patch asap” type emails.

If that email is compromised they got bigger issues.

[–] kibblebits@quokk.au 22 points 2 days ago (1 children)

They bought a domain name similar to ours and sent out emails with links to the domain and a clone login page. Pretty sneaky.

[–] otter@lemmy.ca 10 points 2 days ago (1 children)

At a previous job, they used to send them fairly often, using various tricks to keep people on their toes. I found it fun

[–] Nighed@feddit.uk 6 points 2 days ago

All of ours have phishing in the URLs or in the email headers, if only real phishers were so nice!

[–] otter@lemmy.ca 8 points 2 days ago (1 children)

What would that be testing, whether the users are psychic? If the email sender is legitimate, then what else would users need to do?

[–] FuglyDuck@lemmy.world 7 points 2 days ago (1 children)

my team actually does pretty good with the cyber security checks. the people running the have to meet a certain amount of metrics so they figured "hey if we send it from this one email, everyone is going to trust us!" ... because that's what they're supposed to do... Which makes a terrible thing to do. because now they're always going to be asking if this new email is another test.

(Bruh. if you want us to go to training, just ask.)

[–] Buddahriffic@lemmy.world 3 points 1 day ago

I wish they'd take the test ones one step further and actually try to phish some information. I failed one of those tests but realized it right after clicking the link, but it didn't matter because they assume that clicking the link means you're going to provide everything else they are looking for.

Not sure what kind of links your regular urgent emails usually have, but if you're regularly clicking strange links as part of your job, they should really take it to the next step and see if you were going to provide credentials or something before failing the test because otherwise it just means people are afraid to do their jobs because it might be another test.

[–] surewhynotlem@lemmy.world 2 points 1 day ago (1 children)

that email is compromised they got bigger issues.

Sending an email doesn't have authentication. I can send an email as literally anyone. It's a very trusting protocol.

Now, if your company is particularly good they might have set up protections from this. But it's not required, and not super common.

[–] FuglyDuck@lemmy.world 1 points 1 day ago (1 children)

An email service can check every email and catch the vast majority of spoofed headers pretty easily.

You’re right, it’s possible that the email is spoofed and passed the header checks, or that email is already compromised, or something.

That said, using one’s one legitimate email in a phishing test. They said the same stuff. So we spent about a month calling them for every email they sent (including the “you need to sign up for training”)

It creates more problems than it’s worth, and they caught the point pretty quickly.

[–] surewhynotlem@lemmy.world 1 points 1 day ago

spent about a month calling them for every email

Hah! I did the same with every spam email that got through the filter.

[–] HeartyOfGlass@piefed.social 7 points 1 day ago

My former workplace stopped publishing the stats on which department had the most failures when the first round showed more than half of the executives clicked the scam link in their email.

[–] village604@adultswim.fan 7 points 2 days ago (1 children)

Jokes on them, I don't open any emails. For security, of course.

[–] kibblebits@quokk.au 7 points 2 days ago

“I’m sorry, I marked you as spam.”

[–] OwOarchist@pawb.social 4 points 2 days ago

Did they complain to HR about the squirt bottles?

[–] Kolanaki@pawb.social 27 points 2 days ago (1 children)

Email viruses can't affect me because I never read my emails 😤

[–] LittleBorat3@lemmy.world 3 points 1 day ago

There's so much bullshit that I just erase quicker than my shadow. When that thing on the bottom left pops up, there's a trashcan on the notification.

I erase anything that is not addressed to me directly in that split second.

[–] Ariselas@piefed.ca 8 points 1 day ago (1 children)

Jokes on you, I click on that link to waste a 1/2 hour of paid time "training".

[–] AFallingAnvil@lemmy.ca 3 points 1 day ago (2 children)

Click on it too much, you'll be deemed a unfixable risk and bye bye job. Just be careful out there!

[–] HeyThisIsntTheYMCA@lemmy.world 1 points 20 hours ago

some of us like the ol' spray bottle and newspaper tho, has nothing to do with being a risk. i mean there's so much shit management out there they'd never invest the time to learn how to communicate properly with their employees. have you ever heard of any company anywhere doing that? I haven't.

[–] Ariselas@piefed.ca 9 points 1 day ago

Maybe, but I work at a university. With all of the faculty refusing to use the institution's hardware and bringing their own, students with God knows what, and some of our infrastructure still running windows 95 because they won't buy new software, I'm pretty sure the whole place is unfixable. Half of our IT rage quits every few months

[–] Yondoza@sh.itjust.works 16 points 2 days ago* (last edited 2 days ago) (3 children)

I work at a large well established company. I get so many legitimate emails from outside our domain that I am required to click on. Performance reviews, company surveys, corporate training...

Then they wonder why people click fishing links. Bugs the crap out of me. I'm not going to remember the exact domain of the survey company we use, what are you crazy?

[–] thebestaquaman@lemmy.world 8 points 1 day ago* (last edited 1 day ago)

I’m not going to remember the exact domain of the survey company we use, what are you crazy?

I agree, and have decided to err on the side of caution, and also put the irritation over on higher-ups. If I get some link I'm required to click that I'm not actively expecting from an unrecognised address, just trash the email. A couple times, I've gotten follow-up from a superior asking me why I haven't responded to , and I just tell them I haven't seen it and that it probably got caught in my spam filter. They send me the link in question, and I respond.

I quite quickly realised that most of those surveys they need "everyone" to respond to will just slide quietly by when I do this, so I don't need to spend time on them. My reasoning is that if it's actually important, I'll get it through a reliable channel, and so far that's worked.

To be fair, I also dump anything that comes from some variant of "noreply" to junk. I figure that if I can't reply, and I'm not actively expecting the email enough that I check my junk folder, it isn't important.

[–] Nighed@feddit.uk 4 points 2 days ago

We use mimecast, so all links in emails are replaced with links through mimecast for them to check.

That means you can't see the original link easily though..... So makes it harder to check if they are iffy.

[–] MonkderVierte@lemmy.zip 2 points 1 day ago* (last edited 1 day ago)

Look at the URL before you click. Enforcing plain text mails makes it easier.
Spam/phishing also usually neglect the plain-text part in copying company mails. Yeah, a lot of shitstain companies too, but spam still looks different in plain text.

[–] owenfromcanada@lemmy.ca 9 points 2 days ago

Employees who fail our phishing test will have anchovies thrown at them

[–] LittleBorat3@lemmy.world 1 points 1 day ago

I clicked on that link once, can confirm this is what happens.