Educause Security Discussion mailing list archives

Re: attempts sending fake phishing messages to students and/or employees

From: Andrew Daviel <advax () TRIUMF CA>
Date: Fri, 25 Jun 2010 23:11:49 -0700

I thought about doing this, but was shot down by colleagues for reasonsothers mentioned. We have also had some real incidents to use, andresponded with announcements, posters, and an article in a (paper)newsletter. We had about 0.3% of users fall for a somewhat tailored phish(had our institution name and website, but not copied from a realannouncement).

An observation - it seems to be the older, less net-savvy users who seemmore likely to fall for these. They get less spam (probably from neverposting on forums/newslists), so aren't "inoculated", and don't visitinformation websites etc. We have some emeritus staff who may work lesshours, or at home, and so are less likely to ask a colleague if aphishing message is legitimate. Educating these people is a problem.


--
Andrew Daviel, TRIUMF, Canada

Current thread:

Re: attempts sending fake phishing messages to students and/or employees Sam Hooker (Jun 09)
- Re: attempts sending fake phishing messages to students and/or employees Eric Case (Jun 09)
  - Re: attempts sending fake phishing messages to students and/or employees Jesse Thompson (Jun 11)
  - Re: attempts sending fake phishing messages to students and/or employees Andrew Daviel (Jun 25)
  - SSH password capture Andrew Daviel (Jun 25)
    - Re: SSH password capture Yonesy F. Nunez (Jun 28)
- Re: attempts sending fake phishing messages to students and/or employees Dave Kovarik (Jun 10)
  - Re: attempts sending fake phishing messages to students and/or employees Davis, Thomas R (Jun 11)
    - Re: attempts sending fake phishing messages to students and/or employees Ben Woelk (Jun 11)
    - Re: attempts sending fake phishing messages to students and/or employees Sam Hooker (Jun 14)