Educause Security Discussion mailing list archives
Re: phishing irony
From: "HALL, NATHANIEL D." <halln () OTC EDU>
Date: Fri, 13 Feb 2009 09:09:05 -0600
It might seem deceptive, but you don't have to tell them the IT department sent the e-mail. It is probably best if they don't know. When I see a phishing e-mail come to any of my multiple college mailboxes I do a search to see if anybody has replied. If they have then I contact them. Why not act the same way with the IT generated messages? -- Nathaniel Hall, GSEC GCFW GCIA GCIH GCFA Network Security System Administrator OTC Computer Networking Office: (417) 447-7535 -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Valdis Kletnieks Sent: Thursday, February 12, 2009 10:24 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] phishing irony On Thu, 12 Feb 2009 09:55:25 CST, "HALL, NATHANIEL D." said:
Why stop sending examples? To me it seems like a perfect opportunity to educate those users who responded.
What little gain you get in education is *vastly* outweighed by the fact that you can no longer say "WE NEVER ASK FOR PASSWORDS IN EMAIL". You might be able to get that 7-word version to stick in the average user's brain. You start trolling your users like this, and what they'll *remember* is: "IT doesn't ask for our passwords in e-mail, except if it's a training event, oh and didn't I hear from somebody down the hall they'd do it if they lost the password database and had to rebuild it, just like this e-mail says they're doing, and 2 or 3 other cases they'd do it even though they usually don't..."
Current thread:
- Re: phishing irony, (continued)
- Re: phishing irony Paul Crittenden (Feb 12)
- Re: phishing irony Ozzie Paez (Feb 12)
- Re: phishing irony HALL, NATHANIEL D. (Feb 12)
- Re: phishing irony Pete Hickey (Feb 12)
- Re: phishing irony Matthew Gracie (Feb 12)
- Re: phishing irony Valdis Kletnieks (Feb 12)
- Re: phishing irony Gary Flynn (Feb 13)
- Re: phishing irony James (Feb 13)
- Re: phishing irony Ozzie Paez (Feb 13)
- Re: phishing irony Falcon, Patricia (Feb 13)
- Re: phishing irony HALL, NATHANIEL D. (Feb 13)
- Re: phishing irony Leo Song (Feb 13)
- Re: phishing irony Ozzie Paez (Feb 13)
- Re: phishing irony Chris Edwards (Feb 13)
- Re: phishing irony Leon DuPree (Feb 13)
- Re: phishing irony Zach Jansen (Feb 13)
- Re: phishing irony Valdis Kletnieks (Feb 13)
- Re: phishing irony HALL, NATHANIEL D. (Feb 13)
- Re: phishing irony Harris, Michael C. (Feb 13)
- Re: phishing irony Allison Dolan (Feb 13)