Educause Security Discussion mailing list archives
Re: attempts sending fake phishing messages to students and/or employees
From: Andrew Daviel <advax () TRIUMF CA>
Date: Fri, 25 Jun 2010 23:11:49 -0700
I thought about doing this, but was shot down by colleagues for reasons others mentioned. We have also had some real incidents to use, and responded with announcements, posters, and an article in a (paper) newsletter. We had about 0.3% of users fall for a somewhat tailored phish (had our institution name and website, but not copied from a real announcement).
An observation - it seems to be the older, less net-savvy users who seem more likely to fall for these. They get less spam (probably from never posting on forums/newslists), so aren't "inoculated", and don't visit information websites etc. We have some emeritus staff who may work less hours, or at home, and so are less likely to ask a colleague if a phishing message is legitimate. Educating these people is a problem.
-- Andrew Daviel, TRIUMF, Canada
Current thread:
- Re: attempts sending fake phishing messages to students and/or employees Sam Hooker (Jun 09)
- Re: attempts sending fake phishing messages to students and/or employees Eric Case (Jun 09)
- Re: attempts sending fake phishing messages to students and/or employees Jesse Thompson (Jun 11)
- Re: attempts sending fake phishing messages to students and/or employees Andrew Daviel (Jun 25)
- SSH password capture Andrew Daviel (Jun 25)
- Re: SSH password capture Yonesy F. Nunez (Jun 28)
- Re: attempts sending fake phishing messages to students and/or employees Dave Kovarik (Jun 10)
- Re: attempts sending fake phishing messages to students and/or employees Davis, Thomas R (Jun 11)
- Re: attempts sending fake phishing messages to students and/or employees Ben Woelk (Jun 11)
- Re: attempts sending fake phishing messages to students and/or employees Sam Hooker (Jun 14)
- Re: attempts sending fake phishing messages to students and/or employees Davis, Thomas R (Jun 11)
- Re: attempts sending fake phishing messages to students and/or employees Eric Case (Jun 09)