Educause Security Discussion mailing list archives
Re: FYI: Another round of spear Phishing
From: Dean Halter <Dean.Halter () NOTES UDAYTON EDU>
Date: Thu, 19 Jun 2008 11:23:38 -0400
We're in the same boat as far as being subject to recent phishing campaigns. We use Ironport and send occasional emails letting folks know we'll never initiate an exchange of their personally identifiable or account information. Unfortunately, it's not enough. Not trying to flame, but I don't see conducting a phish test as fostering so much a loss of credibility, but a loss of flexibility on the part of IT. I might be able live w/ that, especially from a security standpoint, if we can still get projects done employing multiple techniques such as education, advertising, use of branding, etc. that the bad guys can't match. As a previous poster said, "I've yet to see anyone respond twice...." I certainly agree that no one wants to look the fool. It's just that the folks that are going to fall for the test would probably also fall for a scam. I am curious to hear what others think of using "deception" to educate.
I suggested something like this to our CIO last year, and he pointed out (rightly) that if we do something like this we're going to lose a huge amount of credibility with our user base. For example, right now we're starting an AD deployment, and for various reasons I won't get into here we need our users who are testing it to reset their passwords with a web app. I don't think they'd be so willing to respond to a legitimate request like this if they thought we were testing them again. Nobody likes to be painted as a fool.
--Matt
Dean Halter IT Risk Management Officer University of Dayton
Current thread:
- Re: FYI: Another round of spear Phishing, (continued)
- Re: FYI: Another round of spear Phishing Gregg, Christopher S. (Jun 12)
- Re: FYI: Another round of spear Phishing Koerber, Jeff (Jun 12)
- Re: FYI: Another round of spear Phishing Jenkins, Matthew (Jun 12)
- Re: FYI: Another round of spear Phishing Paul Russell (Jun 12)
- Re: FYI: Another round of spear Phishing Robin Polak (Jun 17)
- Re: FYI: Another round of spear Phishing ram smith (Jun 17)
- Re: FYI: Another round of spear Phishing Gary Warner (Jun 17)
- Re: FYI: Another round of spear Phishing Cal Frye (Jun 18)
- Re: FYI: Another round of spear Phishing Matthew Gracie (Jun 19)
- Re: FYI: Another round of spear Phishing Cal Frye (Jun 19)
- Re: FYI: Another round of spear Phishing Dean Halter (Jun 19)
- Re: FYI: Another round of spear Phishing Bob Bayn (Jun 19)
- Re: FYI: Another round of spear Phishing Curt Wilson (Jun 19)
- Re: FYI: Another round of spear Phishing Mclaughlin, Kevin (mclaugkl) (Jun 19)
- Re: FYI: Another round of spear Phishing Dean Halter (Jun 19)
- Re: FYI: Another round of spear Phishing Jesse Thompson (Jun 27)