Re: Phishing your users

["Hillhouse, Bob (Bob)" <bob () UTK EDU>]

We are interested in this as well. I’ve considered a “Phish-Bowl” website where I post real examples of phishing emails 
that we’ve received as well as images of some of the standard bank or delivery service emails. It is one of the most 
prevalent forms of unintentional insider misuse we see.

Bob

—
Bob Hillhouse, CISSP
Associate CIO & Chief Information Security Officer
The University of Tennessee, Knoxville
bob () utk edu<mailto:bob () utk edu>
865-406-8981 (cell)
865-974-8445 (office)

Keep your NetID information secure. Don't reply to any email that asks for your personal information. Report any 
suspicious requests to the OIT HelpDesk at (865) 974-9900.

From: <Fowler>, Becky Thurmond
Reply-To: The EDUCAUSE Security Constituent Group Listserv
Date: Wednesday, February 18, 2015 at 9:58 AM
To: The EDUCAUSE Security Constituent Group Listserv
Subject: [SECURITY] Phishing your users

We’ve tossed around the idea of phishing our users (as an awareness/education activity) for the past few years.  I’m 
ready to make another push to upper management to move forward with this project but I was wondering if anyone had any 
war stories (good or bad) to share before I make my pitch.

Thanks!

Becky Thurmond Fowler
Manager, Security Assessments & Incident Response
Division of IT – Information Security & Access Management
University of Missouri-Columbia
becky () missouri edu<mailto:becky () missouri edu>
573.882.5182