Educause Security Discussion mailing list archives
Re: attempts sending fake phishing messages to students and/or employees
From: Dave Kovarik <david-kovarik () NORTHWESTERN EDU>
Date: Mon, 7 Jun 2010 22:26:38 -0500
My two cents: A "fake" phishing trip could have some benefit, but I'd recommend against launching one within higher education confines (it could be a career limiting or eliminating move). Those that are "hooked" by it won't take kindly to having taken the bait - and some of these will be outspoken faculty members. I think your efforts would be better spent on continuing education of your user community and resolving the incidents that occur as a result of actual phishing incidents. Dave Kovarik Northwestern University 847-467-5930 On 6/7/10 7:59 PM, Valdis Kletnieks wrote:
On Mon, 07 Jun 2010 15:41:18 PDT, "Miller, Don C." said:Has anyone attempted, or thought about, sending fake phishing messages to your students and/or employees?If your message is "We will never ask you for your password", this is a *really* bad idea because it confuses your users and shoots your credibility. We usually just wait for a real phish to get reported, then block the address outbound and trap any attempts to reach it. Anybody who tries it gets targeted for re-education.
Current thread:
- attempts sending fake phishing messages to students and/or employees Miller, Don C. (Jun 07)
- <Possible follow-ups>
- Re: attempts sending fake phishing messages to students and/or employees Valdis Kletnieks (Jun 07)
- Re: attempts sending fake phishing messages to students and/or employees Bob Bayn (Jun 07)
- Re: attempts sending fake phishing messages to students and/or employees Dave Kovarik (Jun 07)
- Re: attempts sending fake phishing messages to students and/or employees Ben Woelk (Jun 07)
- Re: attempts sending fake phishing messages to students and/or employees Lorenz, Eva (Jun 08)
- Re: attempts sending fake phishing messages to students and/or employees Ben Woelk (Jun 08)