There was the general "don't follow links in unknown emails" but nothing about what to do if you're sure it's a bad email but terminally curious.
As far as I could tell nothing bad could happen (even JS was off in the browser I used to open it) when I followed the link, but is there something I should be aware of?
The security teams are correct in the training they run about these: report the suspicious email and leave the investigation to them; don't try to DIY the investigation. Note that you aren't penalized for false positives (reporting a legitimate email as a phishing attempt).
Okay, but if I'm not supposed to click on unknown links, why do I even have a web browser installed on my work machine? 99% of the time I'm using it to access unknown and untrusted external websites.
I don't understand this attack: if the attacker can control CSS on the page, then they probably can also control JavaScript, which means they can extract any data from it.
That is a nifty way to steal data. Luckily I was running in a completely clean environment inside a VM, so this wouldn't be an attack that could have occurred this time.
I wonder how many such phishing e-mails a company gets a day.
If the volume is not that high and it's something manageable by the (proper) security team, I wonder if a company could implement a policy where the employee can report a phishing e-mail to the security team and get to sit with them to watch them investigate. If that's not possible, maybe have the security team write up about investigations into phishing e-mails from time to time and send the results to employees as internal memos.
I work at a big company with 10,000+ employees (only 100s of software people, mainly sales people). We get phished probably once a year, no lie. You've got older folks working HR departments and someone gets an email like:
from: jim.bob.sales@bigcompony.com
"hey cindy it's bob your bosses boss boss. I forgot my password and have a MAJOR presentation coming up. Can you give me yours for login so i can see our powerpoint?"