It'd be okay if IT security took responsibility for the link, but they say we're still responsible if we click on a maliciously link. So I click on nothing, or report things as phishing so they'll do a manual review. I've reported emails from HR as phishing because you just can't tell.

March 04, 2026 - 17:03 UTC

3
0
23
When we get new computers my IT dept. asks us to send them our password in essentially an online survey form. I always report it as an attempted scam just to remind them how insanely bad security it is, but they don't seem to care.
1
0
1
There was some process we used to have where they'd ask for our pword, and I'd always tell them no. But not everyone feels empowered to do so. I've also seen our head of IT leave his office with his computer unlocked, and IT Security officer hold the door open for someone instead of them badging in.
0
0
0
Yup. My personal policy is "Did I request or did I expect to receive this email? No? 'Mark as Phishing'."

If it is something that I didn't expect but think it COULD be legit, I post a screenshot in the chat channel we have to report security events. It isn't worth any more of my time and attention.
1
0
2
Somewhere in another thread there's a gang of IT security professionals complaining about "idiot" users marking everything as phishing...
0
0
1
I report HR emails as phishing b/c they keep sending Word files like it's 2001
1
0
6
The HR emails really are the worst because they'll say something like "Here's a new employee program. Click here to register" and then people's guard will be down to enter personal info since it's from HR. IT is similar. There should be communication prior to soliciting info/action.
1
0
8