Educause Security Discussion mailing list archives

Re: FYI: Another round of spear Phishing (ethics)

From: Bob Bayn <Bob.Bayn () USU EDU>
Date: Thu, 19 Jun 2008 10:53:34 -0600

Sheri Thompson wrote:

I strongly advise against what I would deem an unethical practice.


I'm not convinced that this assertion is necessarily true.
I suspect that we could construct a phake phish exercise
that would be no worse than a trick question on a midterm
exam.

Furthermore, if your students send private information through unsecure
email at your institution's behest, would that not be a potentially
embarrassing and reportable data breach?


I agree that constructing a password-in-email-reply phake phish
is not a good idea, although we've not considered the known
responses to these real phish messages to be a reportable breach.

--
Bob Bayn  ride-a-bike (435)797-2396
Network Security Team coordinator
Office of Information Techology
Utah State University

Current thread:

Re: FYI: Another round of spear Phishing (ethics) Basgen, Brian (Jun 19)
- <Possible follow-ups>
- Re: FYI: Another round of spear Phishing (ethics) Sheri J Thompson (Jun 19)
- Re: FYI: Another round of spear Phishing (ethics) Bob Bayn (Jun 19)