*Not really from management, but masquerading as management — it’s a broadcast phishing attempt that made it through the mail filters at work:
You’re satisfaction as an employee of our company is of vital importance to us. This is why we have created a quick, ten question survye to better assess whether we are meeting the needs of our employees; now is a great time to address questions or concerns and improve your employee experience moving forward.
Please take a few minutes to complete this survey. All participants will be considered for a gift card giveaway.
The survey can be found here: [Link Redacted]
It’s a trap!
Well, you signed it as Management — and, though I intentionally redacted the link itself, the link did have the name “management” included.
But even more obvious to me are the numerous tells:
you’ve used the contraction for ‘you are’ rather than the possessive form.
you’ve misspelled ‘survey’.
perhaps subtle, it’s strange that you’ve used a contraction (while incorrect) but that you’ve not used contractions elsewhere.
you haven’t actually identified who “we” are or whom management is managing.
the message headers (redacted, because I don’t feel like sifting through the data) don’t include any reference to our domain other than the recipient.
These are a few of the things that were obvious to me, but would no doubt have (did?) tricked CowOrkers into clicking through.
What I’m a bit disappointed by is that our organization no longer has the Notify or Report option in Outlook. It was a feature that was integrated into MS Outlook to notify the internal security team of threats detected. I guess it was short-lived.
I wonder whether they don’t care, that they were getting inundated by the barrage of mistaken (or legitimate) messages, or if the option had been mistakenly removed from Outlook.