Hacker Neue

Preferences
3rodents parent
“But before responding, the digital team would do their own investigation into the fonts we use and the licences we own so we could verify everything was in compliance. […] messaged a dozen or so more people from different parts of the business, hoping to hook just one person who would reply to the scary message they were sending.”

Piece of advice for the future: if you receive a message like this, and don’t want the sender to reach out to other people in your organization — acknowledge the message.

deathanatos
…I would think the appropriate behavior would be for the security team to send an announcement stating they've seen an uptick of phishing emails, with an example screenshot, and to please not respond to phishers.
Macha
The business has no contract with Monotype, has conducted no business with Monotype, and has also (as they double checked) committed no infringement against Monotype. In short, the Monotype sales rep has no entitlement to any of the business' time.
akerl_
And yet they managed to get quite a lot of it. It looks like double digit humans spent double digit hours, some of that totally in parallel to each other by accident.

In part, that's because all the people who got nerd-sniped by this didn't ever actually send a response back. In part, it's because several different business units decided to try to Handle It without doing the rational thing of centralizing to legal counsel.

dontdoxxme
> acknowledge the message

I think it is more nuanced than that -- they are sending a message via LinkedIn, is it really the company or a scam?

You should take time to respond appropriately and not be rushed in all cases. By acknowledging the message they'll want to continue the discussion. It's probably worth considering a standard response to approaches like this, along the lines of "Please contact us on generic-something@domain, I cannot discuss this on my personal social media account."

8cvor6j844qw_d6
I thought the standard procedure is to forward the message to the appropriate department. Never give any acknowledgement.
hedora
By spamming multiple people at multiple departments, Monotype is probably relying on one department screwing up and responding with something that’d strengthen their (non-existent, apparently) case.

Since their behavior is indistinguishable from scammers, it probably makes sense to also ask procurement/design to additionally ban the vendor.

cyanydeez
If they're following scam rules, they're not going to stop until they get someone hooked and engaged.

This item has no comments currently.

Keyboard Shortcuts

Story Lists

j
Next story
k
Previous story
Shift+j
Last story
Shift+k
First story
o Enter
Go to story URL
c
Go to comments
u
Go to author

Navigation

Shift+t
Go to top stories
Shift+n
Go to new stories
Shift+b
Go to best stories
Shift+a
Go to Ask HN
Shift+s
Go to Show HN

Miscellaneous

?
Show this modal