• I appreciated the recommendation in the comments to not reply to any DMs they may receive.

    my favorite comment

Click here to have the agreement removed.

  • The thread is locked, with a comment graveyard so I can't tell if it was asked. But I really want to know what "failed a phishing test" actually means, because those types of security tests almost always just sign you up for additional training. Getting fired for failing training would be a new one, though I guess fairly reasonable.

    Basically, they likely had to fail multiple times to get fired.

Exactly, those phishing tests are for education; they can't get people trained if they fire them immediately. There's no way this was the first instance, or write-up.

    It educated me to find the specific header they use to let it bypass the internal filtering untagged (X-Phishtest), and set up my own filter to move those to trash automatically.

    I've got an inbox rule that looks for knowbe4 in the headers and categorizes it as a Phish test so I can report it lol

    KnowBe4 is one of the reasons I almost lost my shite at my last job. Our spam filter would catch the phishing tests, open them, and store them in a quarantine. It would not catch the emails telling me I failed a phishing test by opening the aforementioned email.

    It took me getting a “fail” while on vacation for a week and a half with no access to my inbox for them to accept there was a problem.

    Oh that’s a good idea.

    Haha I'm going to do that! Although they're blindingly obvious anyway imo.

    I just today had a couple of (usually) brilliant colleagues fail a test because they thought the big boss was inviting them to a function. Fortunately I hate gatherings (and also the From email address was weird).

My bona fide way of passing phishing tests at work is to just ignore all emails. If people want my attention, they can ping me on Slack.

    I like the cut of your jib.

    I work in manufacturing, they are stingy with personal tablets, and want me to leave my area, find a computer, and log into and out of my email hourly so all the desk jockeys don't have to come out on the floor.

    My way of avoiding everything email related?

I just don't, and the desk jockeys get a whole 5 minutes of walking time to "find" me in the same room out in the open I am literally always in. The other benefit? I actually get my work done in a timely manner because I'm not wandering around for 20 plus minutes an hour trying to find an unoccupied PC.

    So your method of avoidance is just really, REALLY avoiding it. I like it.

    This is also my method

    ....I'm an email administrator.....

    This, but Teams.

    I’m way more likely to notice a Teams message than an email anyway, and if the message is “did you see the email?” I know it’s not a scam

We actually use both. The other half of the company uses Teams primarily. We use Slack primarily. I am not responding to Teams messages. If you can't use Slack, I shouldn't be talking to you.

    This, or they were on thin ice anyway. If they were close to being fired for other reasons, and then also failed the test, then it would make sense.

    Ooohh - that makes sense, cherry plucking the least harmful thing from a sea of context

    Or they refused/were belligerent about the follow-up training. "What do you mean I have to attend 4 hours of training because I clicked a link in an e-mail?! That's bullshit! You're the worst manager ever, you tried to trick me with that e-mail." /surprised pikachu face after being fired

    Or it wasn't a test, but an actual scam.

    True, if they actually got phished and gave out info/money, then they'd be megafucked.

    It's been deleted, but earlier there was a post by someone who said they had worked for JP Morgan and you had to fail 4 consecutive phishing tests for there to be serious consequences.

    Edit: 4 consecutive TESTS. Not teats!

IT at my last place said the same thing. First time it's online training, 2nd time (within either 6 months or a year) was repeat online training, 3rd time was in-person training, and the 4th time was getting fired.

    4 consecutive teats would mean failing the whole cow.

Thus giving us the phrase, "Don't have a cow, man." All this time, Bart was just concerned about our security.

    Working for JP Morgan I'm betting they're in a position where they are handling investment money. Those positions tend to be much more rigorous in demanding that you are knowledgeable and wary regarding phishing due to the amounts that they could lose if it happens.

    It also might depend on how obvious the phishing bait was and how aggressively they pursued opening the phish as well.

    I've had folks who got a phishing email, but our security system blocked them from opening the link rightfully, so they tried opening it on their phone to still get blocked, so they forwarded it to their personal email to try opening it from there.

    I highly doubt that it was just this single phishing test that got LAOP fired but just the final straw.

    I almost wonder if it wasn’t a test but an actual phishing scam he fell for, but maybe IT noticed fast enough that he assumed it was just a test.

We have those too. We still get people that will input their credentials into a random website that looks like O365, then we get alerted that their account is now locked because of some logins from Africa or India when the person is currently in the US. We have all of that automated so it's rare for an attacker to get in with that method, but it's still a couple hours' work for us to verify that and make sure the threat actors didn't actually get anything or do anything.

    I know all my hardware is location tracked so I’m pretty sure my account is too. In part because I work with export restricted tech data, so if my account or hardware pops up somewhere that isn’t the US, it won’t just be IT freaking out

    Your logins can always be tracked because IPs are assigned to location and it is trivially easy to see where that is. If the computer is managed it would also be trivial for it to report what IP it is currently connected to. So both your location and the hardware's location are absolutely tracked whenever you log in.
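The automated "account locked because of logins from Africa or India while the person is in the US" alert described above is an impossible-travel check: two successful sign-ins by one user whose distance and time gap imply a speed no traveller could reach. This is an added example of that detection, not code from any commenter's company; it runs over a constructed sign-in log and uses a hard-coded stub in place of a real GeoIP database, with the 900 km/h threshold chosen as roughly airliner speed.

```python
"""Impossible-travel detector over a constructed sign-in log (added example)."""
from dataclasses import dataclass
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

# Constructed GeoIP stand-in keyed by IP prefix (RFC 5737 documentation ranges only).
GEOIP_STUB = {
    "203.0.113.": ("US", 40.71, -74.01),   # New York
    "198.51.100.": ("US", 41.88, -87.63),  # Chicago
    "192.0.2.": ("NG", 6.45, 3.39),        # Lagos
}

# Constructed sample log: "<ISO-8601 UTC> <user> <source IP> <result>".
CONSTRUCTED_LOG = """\
2025-09-03T13:05:00Z alice 203.0.113.7 SUCCESS
2025-09-03T13:40:00Z alice 192.0.2.44 SUCCESS
2025-09-03T09:00:00Z bob 203.0.113.21 SUCCESS
2025-09-03T12:10:00Z bob 198.51.100.9 SUCCESS
2025-09-03T10:00:00Z carol 203.0.113.5 SUCCESS
2025-09-03T10:00:00Z carol 192.0.2.8 FAILURE
2025-09-03T10:02:00Z carol 203.0.113.5 SUCCESS
"""

@dataclass(frozen=True)
class SignIn:
    user: str
    ts: datetime
    ip: str
    country: str
    lat: float
    lon: float

def geolocate(ip: str):
    """Map an IP to (country, lat, lon) via the stub; unknown IPs yield None."""
    for prefix, loc in GEOIP_STUB.items():
        if ip.startswith(prefix):
            return loc
    return None

def haversine_km(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance in km (mean Earth radius 6371 km)."""
    p1, p2 = radians(lat1), radians(lat2)
    dphi, dlmb = radians(lat2 - lat1), radians(lon2 - lon1)
    a = sin(dphi / 2) ** 2 + cos(p1) * cos(p2) * sin(dlmb / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))

def parse_log(text: str) -> list:
    """Keep successful sign-ins with a known location; failed attempts are noise here."""
    events = []
    for line in text.splitlines():
        ts, user, ip, result = line.split()
        loc = geolocate(ip)
        if result != "SUCCESS" or loc is None:
            continue
        when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
        events.append(SignIn(user, when, ip, *loc))
    return events

def detect_impossible_travel(events, max_speed_kmh: float = 900.0) -> list:
    """Flag consecutive sign-ins by one user that imply travel above max_speed_kmh."""
    by_user = {}
    for e in sorted(events, key=lambda e: (e.user, e.ts)):
        by_user.setdefault(e.user, []).append(e)
    findings = []
    for seq in by_user.values():
        for prev, cur in zip(seq, seq[1:]):
            km = haversine_km(prev.lat, prev.lon, cur.lat, cur.lon)
            # Floor the interval at one second so same-second events cannot divide by zero.
            hours = max((cur.ts - prev.ts).total_seconds(), 1.0) / 3600.0
            kmh = km / hours
            if kmh > max_speed_kmh:
                findings.append({"user": cur.user, "from": f"{prev.ip} ({prev.country})",
                                 "to": f"{cur.ip} ({cur.country})", "km": round(km),
                                 "hours": round(hours, 2), "kmh": round(kmh)})
    return findings

if __name__ == "__main__":
    for f in detect_impossible_travel(parse_log(CONSTRUCTED_LOG)):
        print(f"LOCK CANDIDATE {f['user']}: {f['from']} -> {f['to']} "
              f"{f['km']} km in {f['hours']} h ({f['kmh']} km/h)")
```

Only alice is flagged (New York to Lagos in 35 minutes); bob's New York to Chicago hop in just over three hours is consistent with a flight, and carol's failed Lagos attempt is excluded before the distance check so it does not lock her out.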

    Generally it's a bad idea to fire employees just for falling for an actual scam, if it's an honest one-off mistake. (Let alone a test.) You don't want people who fall for one to attempt to cover it up instead of admitting it. The last cybersecurity course I did specifically reassured employees that telling somebody immediately was the right thing to do.

    Obviously if they inflict severe financial damage you might have no option, but what processes and checks are in place to stop a single rogue employee doing that?

    I worked at a place where our receptionist (who worked for HR for some reason) sent all of our W-2s to a scammer. She was fired, her boss was fired, and the HR director was demoted. It was a shitshow. Not sure if any IRS fraud was committed, but we got LifeLock (or something similar, I can’t remember) for at least a year.

It also might depend on how obvious the phishing bait was and how aggressively they pursued opening the phish as well.

    This is what I wondered. "Aggressively" pursuing opening the phish or showing general enthusiasm in complying with sketchy phishing requests may require a bit more than more training.

    (I regularly work with sensitive and classified information and although it isn't something we do--if they sent phishing bait that said "hey we wanna buy some secrets from you" and you responded with "sounds good, how much" then getting fired would be the least of your worries. I wonder if "I failed the phishing test" is an understatement here.)

Yeah, it's one thing to click on the link in a phishing email. That can happen accidentally. It's another thing to continue filling out the form the email points to despite obvious signs something isn't right.

    I don't work for Chase, but another similarly large bank, and those emails are also INCREDIBLY easy to spot. Like, "claiming to be an email from an internal department but somehow came from an external sender and the email domain is Gmail" easy. If you can't identify that an email is a phishing attempt, real or fake, you can't be trusted to catch people scamming your customers out of money by claiming that the customer needs to wire their boyfriend Sting, whom they met in Facebook Messenger, money so Sting can buy them a plane ticket to come visit him.

    It could be "look in their file, what can we use as a justification to fire them".

    My place, if you fail a bunch of tests, even with training, they will fire you eventually - because at that point it's either utter incompetence, or it is deliberate

    OP's one comment (in another group with the same post, replying to someone who suggested he fight his termination)

I tried that route. Some people in the legal field (not straight-out lawyers) said that my employment was at will and I would spend more time and money trying to fight to see if I could get some severance, and that getting my job back was next to impossible. Was there for 10 years and they threw me to the curb for some emails that cost them $0. Not trying to go back at this point.

    Never mind that the reason for these trainings is that banks routinely lose thousands to millions of dollars to these scams. Companies have literally gone out of business to them, multimillion dollar contracts have been lost, etc.

    Exactly. "Cost them $0 because they were internal tests instead of external scams, but I didn't know that when I fell for them."

I saw a quarter million payment go to one of them this year because their email had been compromised and the scammers jumped in at the end of a deal to change payment details, spoofing the other side's email address.

    Luckily that wasn't my company so not my issue to deal with. And we have procedures that payment information changes must be confirmed with a known account phone number prior to anything being changed.

    Wouldn’t you just love to know how many “some” really was and how obvious they were?

    „some emails“ 🤔

  • LocationBug:

    I got fired by JP for failing a phishing test and now they want me to pay for tuition reimbursement.

    Location: New York

Hi! I just got this letter asking me to reimburse them for some tuition I asked for my MBA and not sure how to proceed. I thought this was only if you leave voluntarily. This is what they sent me:

    Hello,

    While you were employed with JPMorgan Chase & Co., you utilized the Education Benefit Program funding for courses and/or exam(s). During the application process for funding you agreed to the JPMorgan Chase & Co. policy regarding eligibility for Education Benefits and the repayment obligation upon leaving employment as outlined below:

    If an employee is no longer employed by the company within one year of payment/reimbursement of a course, 100% of covered expenses for the course must be repaid to the company by the former employee.

    If an employee is no longer employed by the company within two years of payment/reimbursement of a course, 50% of covered expenses for the course must be repaid to the company by the former employee. Failure to repay tuition assistance will impact rehire eligibility.

    The above schedule applies separately to each course. Repayment obligation is determined by the date the benefit was paid to the school or the date the employee was reimbursed.

Your Education Benefits meet the criteria for repayment. Our records indicate your last day of employment with JPMorgan Chase & Co. was 9/2025. In accordance with the terms of your application as explained above, your total amount due is $xxxxxx and is due upon receipt. It is important to know that the total amount due above may not include all Education Benefits with a repayment obligation. If it is determined that additional Education Benefits were paid on your behalf and meet the criteria for repayment, you may receive additional letters with the details of any adjusted amounts.

    Please note: If you return to JPMC (JPMorgan Chase & Co.), any outstanding balance you owe to the firm must be repaid in full before your rehire start date.

I am not sure if they are just doing this to get money when I am already flagged to be not hireable in the future or if I should pay them in case I get sued. Thank you. Any advice is helpful.

    Bug Fact: You have won $1,000,000 in the BOLA Lottery! Please send a picture of the front and back of your ID, two credit cards, and your birth certificate to claim your funds.

I followed that link without questioning it. OP deserves my bank details

    please submit your repayment of your tuition reimbursement...

  • This is why I report all company emails as "phish" and let IT deal with it.

    Any external emails from people I don't know get reported as "phishing attempts". My advice to IT, "Get Good".

    Enjoy your flair.

    Appreciate it. Your comment has been reported to IT for further investigation.

    Any external emails from people I don't know get reported as "phishing attempts"

Most phishing "Tests" made by my company are your boss sending you a "link" about a delayed FedEx package or saying that I need to review the terms of my changed benefits (or something similar) and to read more on a provided link. It's meant to be clicked on immediately because it's a fake email from a supervisor - and thus, be a good "fake-phish".

    It's funny to me because my actual boss is designated as a "lead" so the structure of my unit makes the fake phishing attempts very pathetic. My organization-boss never emails me, so it's very easy for me to report the phishing tests.

    One of my simplest ways of avoiding it is reaching out to the person it's emulating via an alternative method. My CEO texting me via WhatsApp? Hey bossman on Slack, what's up?

    Easiest test. (It's also a standard practice to verify via a secondary channel. We avoided a wire fraud scenario that way).

    The IT department at my work consists of evil geniuses then, because they send out the most devious phishing tests.

    We had one where the mail address was spoofed to look like the regular work mail address, the layout perfectly mimicked the house style, the list of addressees showed the sender knew who worked in what department and the topic matched a semi-annual request we would get. The only giveaway was the little banner saying 'This sender seems to be from outside the organisation'.

    I was kinda surprised that a spoofed address passed through the filters so I tried it later and no luck. So I think IT had to consciously turn off some protections to be able to do the test.

    I had something like this as well.

We were having a new HR system installed from “HRCompany”. IT then sent out a completely legit looking email from “HRCompany”. It had everything looking perfect except one tiny spelling mistake 3/4 of the way in. Seeing how nowadays spelling can be terrible, a good 70% of the company ignored that issue and clicked the link. I always thought it was a bit mad to punish us for it, considering the “you fucked up” email from IT also contained spelling mistakes lol

    Oh damn, I'd 100% fail that one. I get a ton of legit emails that are full of spelling errors. Even company-specific terms get misspelled a lot because they are often in Spanish or indigenous languages that not everyone working there speaks (we're in the US and the bulk of our work is conducted in English); I realized I'd been misspelling the name for our reference material library in emails about six months into the job, and I have much better proofreading skills than most of my coworkers (not meant to be a dig, I just used to be a professional writer/editor).

Luckily, I think my IT department is aware of that because our phishing tests are a bit more reasonable. 😂

    I worked with a proud older technophobe (around 60) who got our entire system locked down with ransomware for a week by being a fucking moron. She denied clicking anything, but the rest of us weren't the type to fall for that nonsense. I had to recreate three days of medical records from memory because our backup was only done weekly (despite being told it was every night).

    All emails on my work account go directly to the trashcan

    I took over some Boomer whose documentation process (up to 2015) was to print out every email. Not the final email chain. Every email and its reply. Email (1), Print; Reply (2), Print; Reply (3), Print; ...

    I had literal boxes of this correspondence. After 5 years of having never opened any one of those boxes, I had our office secretary burn them all.

    Oh, improper disposal of potentially discoverable documents? That’s prison time, that is.

    I got a nasty gram from corporate IT who did their own phishing test because I deleted the email instead of clicking “report phishing” even though I didn’t click on any links

  • I just want to say that I really hope President Skroob gets phished for the combination for his luggage in Spaceballs 2.

He did order them to change the combination on his luggage after he revealed that last time. Probably something more secure like 54321 now. Nobody ever suspects descending numbers.

  • I really want to know the amount they want back, number of phishing attempts they failed, and how long they were at the company. Not cause I can help, just very curious

And how they acted when asked to do some phishing training

    OP was there 10 years according to his one reply (in another sub but on the same topic). No answers to your other questions though.

  • I failed a phishing attempt at work one time, after 10 successful reports. Got sent to an online training course. I guess 1/11 ain't bad.

    The only program I hated was one where you got dinged for not reporting.

    That would be annoying. I work someplace where the phishing report button was deeply buried somewhere by default, and so I wasn't reporting because it took me way too long to figure out how.

They sent out a "please report, don't delete" message as the only consequence, but they also moved the button so I can actually find it in under 15 seconds now, so now I actually report them.

  • The post gave me Davis Clarke vibes. Demoted to customer.

  • Claiming back tuition funding when the company fires the employee for anything short of gross misconduct (like embezzlement) seems very unreasonable and open to abuse. Mere incompetence shouldn't be enough to trigger the repayment. That creates a very obvious moral hazard for the employer, which may very well be what happened here.

    I would have been very reluctant to sign such a contract for my education. "If you quit, you owe us" is already dangerously similar to indentured servitude. "If we fire you, you owe us" is just plain gambling.

    I got laid off years ago with tuition reimbursement that I hadn't worked off, and they waived it.

    But failing over and over at phishing when handling client money is gross negligence.

I gotta kind of agree; working in the FI or health space should have a higher bar when it comes to IT best practices.

    That being said, morally I still think the employer shouldn't be able to recoup the funds in this case.

    To play devil's advocate, if an employee took an advance on their wages to be repaid over time, and was then fired, you'd expect the company to chase repayment. Tuition likely cost the company hundreds or even thousands of dollars and benefits the employee's career, so it's little different from taking a wage advance and spending that on tuition.

    However, in my anecdotal experience, it is waived in all but the most extreme cases (e.g. the company pays for a course and the employee immediately jumps ship to a rival). Firing an employee and then chasing them for a debt they can't repay because you fired them is not a good look. Even if the firing was justified, you don't want them to take you to court or a tribunal over it as the cost is likely to dwarf the amount at stake.

    In some cases, employees who owe their company for training and get a new job might be able to get their new employer to pay for repaying the old one, as a small golden handshake.

Investing in your staff shouldn't be at the expense of the employee, period. There are clearly benefits to the company/business having staff attend most forms of training or higher education.

    To be devil's advocate, should employees foot the bill for all training and the company reimburse them over time as they stay employed by said company? No, absolutely not.

    And it's a completely different situation when the employee jumps ship and we both know that. I do agree with you there, the employee should weigh leaving and having to pay back the company's investment in them.

    But firing for vast majority of non-serious things shouldn't initiate a claw back. Or at the very least a much more limited claw back period of say 6 months to a year at most.

    Yeah, even after playing Satan's lawyer I agree with you that clawback is only justifiable if the employee has clearly taken the piss and jumps ship immediately after you invested in them.

    If you invest money in training somebody up because you didn't realise they were useless and about to be sacked, that's your lack of judgment.

    Education is called an investment for a reason; all investments have a risk. Some you win and some you don't.

    I would not be surprised if LAOP failed a test, was warned about the consequences, failed again, was put on a PIP and explicitly warned again, failed more times, and then now is completely shocked pikachu that the thing that they were warned about multiple times happened.

    Given the costs to companies from these scams, I am completely and utterly unsurprised by the game of hardball.

I hate to say this, but it would be an easy way to get yourself fired if the company had an unofficial policy of erasing debts for people laid off. Risky, as we see here.

    Oh, the firing is perfectly justified. Get that gullible idiot off the payroll right away.

    But I don't think that any amount of incompetence justifies a forced repayment of the company's educational investment. That's on them, for not screening their educational investment program for gullible idiots.

    I know the last place I worked at said that you had to stay employed with them for 2 years after completing your degree. I assumed that meant quitting or being fired.

    I never took advantage of it because I wanted to leave, but I would've just been really conservative in my assumptions and assumed it meant leaving in any capacity for any reason.

    It became a huge issue when furloughs were happening. These kids couldn't afford to pay all that back (tuition and/or moving expenses).

  • Failure to repay tuition assistance will impact rehire eligibility.

Well, at least it doesn't seem they'll persecute LAOP for the money.

  • I'm surprised that nobody brought up prevention doctrine, this seems like a pretty clear application of it.

    The clawback would be legal if LAOP had quit or been fired for wilful misconduct, but in this case the employer is the one preventing LAOP from fulfilling their end of the deal, so the clawback is unenforceable.

    Or...gross negligence. Like failing at security required when one is responsible for customer funds.

    I might buy that if LAOP was responsible for an actual breach, but the 'failure' in question was the result of deception by an agent of JP Morgan, so it's still prevention of performance. JP Morgan can fire LAOP, but they can't use that termination to justify a clawback.

    Do you even know how these programs work?

    Yes, I do. And I know that tuition reimbursements don't live in a magical fairyland that exempts them from being governed by contract law.

    You mean the contract you sign for the tuition reimbursement that explicitly lays out these terms?

    Unless the terms included "we are going to pay people to attempt to trick you into breaking these terms", the contract is still subject to the prevention doctrine.

    a.) You agree, as a condition of employment to follow your company's policies, including training, which also include discipline for failing to complete or pass that training.

    b.) Regular realistic training tests such as monthly test phishing emails are absolutely part of training and are industry standard. They are absolutely part of your ongoing training record, which is required for your continued employment - and may be also required for licensure and certification.

    So, if your tuition reimbursement contract includes a section on reimbursement due to termination for negligence, misconduct, or being fired for cause, then that contract, plus your agreements and requirements around training, are likely enough to cover this situation.

We both know that in employment, you cannot isolate one signed document alone and assume that is the total coverage. Employees agree to all sorts of conditions as part of employment, and they all are enforceable unless state/federal law says otherwise, and New York has not passed the bill on the governor's desk that would change this.

    You are casting these phishing emails as surprise trickery. They are not. Employees are explicitly trained on how to deal with them and then explicitly warned (often many times) that these emails will happen. Failures result in retraining. And multiple failures would reinforce these warnings - the chance LAOP was fired on a single failure is extremely low. These warnings may then also include MORE agreements where they are warned of potential discipline up to and including termination.

    LAOP might have a case, but I suspect that once JPM lays out everything, it's gonna look pretty fucking bleak.

    I guarantee LAOP was trained multiple times on how not to fall for these emails. It's not "attempting to trick you" if the purpose is very clearly to get you to stop clicking on those emails.

They already successfully refuted that point, directly, in response to one of your previous comments. Why did you think that repeating it again would make it any less refuted? C'mon, you're usually better than this, bug-hunter.

    I've responded to their point, but you can't take a single agreement in isolation when employees agree to many agreements that explain what may result in termination, combined with tuition reimbursement agreement that can claw back due to termination.

    I guarantee LAOP sailed past multiple warnings.