Educause Security Discussion mailing list archives

Re: Self-Phishing - show of hands

From: Paul Chauvet <chauvetp () NEWPALTZ EDU>
Date: Wed, 17 Feb 2016 20:20:44 +0000

Late reply, sorry!

We've been doing self-phishing for 3 years now, originally with Wombat, then Threatsim (which now was bought by 
Wombat).  We've found it to be one of the most effective things we've done, though unfortunately due to the cost we've 
only been using it against Faculty & Staff.

I'm considering using the Social Engineering Toolkit (open source) rarely for our students.

Who are you phishing? (Select groups, All Staff, All Faculty, All Students, everyone etc.)  - All faculty and staff 
(initially was only those with higher level access like Banner & IT groups)
What are you using? (Vendor, custom or opensource and the name of the vendor or project.)  - Threatsim
How long have you been phishing your customers? 3 years

Paul Chauvet
Information Security Officer
State University of New York at New Paltz
845-257-3828
chauvetp () newpaltz edu<mailto:chauvetp () newpaltz edu>
[emlogo]

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Eric 
Weakland
Sent: Thursday, February 11, 2016 10:38 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Self-Phishing - show of hands

Greetings,

I'm working on a publication on self phishing for HEISC and preparing to leverage our self-phishing service (SANS) in 
the coming year.  I am trying to develop a list of universities who are doing "self phishing".

If your institution is self phishing your community - would you mind dropping me a note with the following items.

Who are you phishing? (Select groups, All Staff, All Faculty, All Students, everyone etc.)
What are you using? (Vendor, custom or opensource and the name of the vendor or project.)
How long have you been phishing your customers?

Thanks everyone!

Regards,

Eric Weakland, CISSP, CISM, CRISC
Director, Information Security
Office of Information Technology
American University
eric at american.edu
202.885.2241

_____________________________________________
Emails from IT asking you to log in with a link are scams!

Current thread:

Re: Self-Phishing - show of hands, (continued)
- Re: Self-Phishing - show of hands Jeff Choo (Feb 11)
- Re: Self-Phishing - show of hands Feehan, Patrick (Feb 11)
  - Re: Self-Phishing - show of hands Eric Weakland (Feb 11)
- Re: Self-Phishing - show of hands Dennis Duncan (Feb 11)
  - Re: Self-Phishing - show of hands Stefan Wahe (Feb 11)
  - Re: Self-Phishing - show of hands Christine Streeter (Feb 11)
    - Re: Self-Phishing - show of hands Jenny Blaine (Feb 11)
    - Re: Self-Phishing - show of hands Sol Bermann (Feb 12)
- Re: Self-Phishing - show of hands Melanie Lever (Feb 12)
- Re: Self-Phishing - show of hands George Moore (Feb 16)
- Re: Self-Phishing - show of hands Paul Chauvet (Feb 17)