Educause Security Discussion mailing list archives
Re: FYI: Another round of spear Phishing (ethics)
From: Bob Bayn <Bob.Bayn () USU EDU>
Date: Thu, 19 Jun 2008 10:53:34 -0600
Sheri Thompson wrote:
I strongly advise against what I would deem an unethical practice.
I'm not convinced that this assertion is necessarily true. I suspect that we could construct a phake phish exercise that would be no worse than a trick question on a midterm exam.
Furthermore, if your students send private information through unsecure email at your institution's behest, would that not be a potentially embarrassing and reportable data breach?
I agree that constructing a password-in-email-reply phake phish is not a good idea, although we've not considered the known responses to these real phish messages to be a reportable breach. -- Bob Bayn ride-a-bike (435)797-2396 Network Security Team coordinator Office of Information Techology Utah State University
Current thread:
- Re: FYI: Another round of spear Phishing (ethics) Basgen, Brian (Jun 19)
- <Possible follow-ups>
- Re: FYI: Another round of spear Phishing (ethics) Sheri J Thompson (Jun 19)
- Re: FYI: Another round of spear Phishing (ethics) Bob Bayn (Jun 19)