Educause Security Discussion mailing list archives
Re: Phishing and Security Awareness Training - Faculty
From: Bob Bayn <bob.bayn () USU EDU>
Date: Thu, 14 Apr 2016 13:00:56 +0000
I need to backtrack a comment I made that I realize has an exception: On Apr 13, 2016, at 16:55, I <bob.bayn () USU EDU<mailto:bob.bayn () usu edu>> wrote: Even though we still refer to the "gullible...skeptical...paranoid" continuum in our training, most victims of real phish are not actually gullible but are either multi-tasking and not giving the threat enough attention to recognize it or the phishing "story" happens to coincide with what is happening in the recipient's life at the moment. Spanning phishers can afford to use a specific story that only rings true with a few of their recipients, because it doesn't cost them anything to not fool the others. They are HOPING that it doesn't cost them anything to not fool the others. But when those others know a way to effectively report the mischief they recognize, that can help thwart the whole attack. If they know how to do any of: * report the message as spam * report the link to the hosting service abuse address * report the link to Google: https://www.google.com/safebrowsing/report_phish/ * report the link to Symantec: https://submit.symantec.com/antifraud/phish.cgi * report the message and link to PhishTank: https://www.phishtank.com/index.php * report the message to the REN-ISAC "chum" project: phish () ren-isac net * report the message to their local IT Security team (who may do all the others) then the cost of "not fooling the others" goes up. Bob Bayn SER 301 (435)797-2396 IT Security Team Office of Information Technology, Utah State University Report any suspicious message by forwarding it as an attachments (ctrl-alt-F in Outlook) to phish () usu edu. The attachment format preserves hidden delivery header information that is helpful for reporting or blocking. Do you know the "Skeptical Hover Technique" and how to tell where a web link really goes? See: https://it.usu.edu/computer-security/computer-security-threats/articleID=23737
Current thread:
- Phishing and Security Awareness Training - Faculty Sburlea, Stefan (Apr 12)
- Re: Phishing and Security Awareness Training - Faculty Paul Chauvet (Apr 13)
- Re: Phishing and Security Awareness Training - Faculty Sburlea, Stefan (Apr 13)
- Re: Phishing and Security Awareness Training - Faculty Bob Bayn (Apr 13)
- Re: Phishing and Security Awareness Training - Faculty Manjak, Martin (Apr 14)
- Re: Phishing and Security Awareness Training - Faculty Bob Bayn (Apr 14)
- Re: Phishing and Security Awareness Training - Faculty Sburlea, Stefan (Apr 14)
- Re: Phishing and Security Awareness Training - Faculty Sburlea, Stefan (Apr 14)
- Re: Phishing and Security Awareness Training - Faculty Paul Chauvet (Apr 13)
- <Possible follow-ups>
- Re: Phishing and Security Awareness Training - Faculty Valerie Vogel (Apr 12)
- Re: Phishing and Security Awareness Training - Faculty Sburlea, Stefan (Apr 12)
- Re: Phishing and Security Awareness Training - Faculty Valerie Vogel (Apr 12)
- Re: Phishing and Security Awareness Training - Faculty Sburlea, Stefan (Apr 13)
- Re: Phishing and Security Awareness Training - Faculty Melanie Lever (Apr 13)
- Re: Phishing and Security Awareness Training - Faculty Sburlea, Stefan (Apr 13)
- Re: Phishing and Security Awareness Training - Faculty Burke, Ian R. (Apr 13)
- Re: Phishing and Security Awareness Training - Faculty Sburlea, Stefan (Apr 12)