If this was also done by the site admins (rather than being a deliberate attempt at sabotage), it seems a bit xkcd-169-y to me.
If it was done by the admins: If someone receiving that message had replied to say something like “the button still says ‘launch the nukes’—please clarify”, what would they have been told?
If Chris could be confident it came from the admins I’d agree, but with my current knowledge (and assuming the admins would have been honest had Chris messaged them on their normal accounts) it feels more like pentesting.
My company “evaluates” phishing propensity by sending employees emails directing them to “honeypots” which are in the corporate domain and signed by the corporate SSL certificates. Unsurprisingly, many employees trust SSL and enter their credentials. My takeaway was not that people are bad at security, but that they will tend to trust the system if the stakes don’t appear too high.
My partner says that as a kid, their school did something similar as part of “don’t talk to strangers” teaching. The “stranger” in question was someone the class had been working with all day, introduced by their teacher.
I also think that XKCD would be quite appropriate had it been the site admins. But no, it was not us.