*Not really from management, but masquerading as management — it’s a broadcast phishing attempt that made it through the mail filters at work:

All,

You’re satisfaction as an employee of our company is of vital importance to us. This is why we have created a quick, ten question survye to better assess whether we are meeting the needs of our employees; now is a great time to address questions or concerns and improve your employee experience moving forward.

Please take a few minutes to complete this survey. All participants will be considered for a gift card giveaway.

The survey can be found here: [Link Redacted]

Thank you,

Management

It’s a trap!

Well, you signed it as Management — and, though I intentionally redacted the link itself, the link did have the name “management” included.

But even more obvious to me are the numerous tells:

• you’ve used the contraction for ‘you are’ rather than the possessive form.
• you’ve misspelled ‘survey’.
• perhaps subtle, it’s strange that you’ve used a contraction (while incorrect) but that you’ve not used contractions elsewhere.
• you haven’t actually identified who “we” are or whom management is managing.
• the message headers (redacted, because I don’t feel like sifting through the data) don’t include any reference to our domain other than the recipient.

These are a few of the things that were obvious to me, but would no doubt have (did?) tricked CowOrkers into clicking through.

What I’m a bit disappointed by is that our organization no longer has the Notify or Report option in Outlook. It was a feature that was integrated into MS Outlook to notify the internal security team of threats detected. I guess it was short-lived.

I wonder whether they don’t care, that they were getting inundated by the barrage of mistaken (or legitimate) messages, or if the option had been mistakenly removed from Outlook.

But, there you go — the more you know.