Educause Security Discussion mailing list archives
Re: Phishing and Security Awareness Training - Faculty
From: "Sburlea, Stefan" <sburlea () CHAPMAN EDU>
Date: Thu, 14 Apr 2016 16:57:43 +0000
That is the one thing that phishing and targeted advertising have in common. Best Regards, Stefan Sburlea Chapman University, IS&T Information Security Specialist sburlea () chapman edu Desk Phone: 714-744-7802 Chapman University I One University Drive I Orange, California 92866 UNIVERSITY STAFF WILL NEVER ASK FOR YOUR PASSWORD - DO NOT SHARE YOUR PASSWORD WITH OTHERS! From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Bob Bayn Sent: Thursday, April 14, 2016 6:01 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Phishing and Security Awareness Training - Faculty I need to backtrack a comment I made that I realize has an exception: On Apr 13, 2016, at 16:55, I <bob.bayn () USU EDU<mailto:bob.bayn () usu edu>> wrote: Even though we still refer to the "gullible...skeptical...paranoid" continuum in our training, most victims of real phish are not actually gullible but are either multi-tasking and not giving the threat enough attention to recognize it or the phishing "story" happens to coincide with what is happening in the recipient's life at the moment. Spanning phishers can afford to use a specific story that only rings true with a few of their recipients, because it doesn't cost them anything to not fool the others. They are HOPING that it doesn't cost them anything to not fool the others. But when those others know a way to effectively report the mischief they recognize, that can help thwart the whole attack. If they know how to do any of: * report the message as spam * report the link to the hosting service abuse address * report the link to Google: https://www.google.com/safebrowsing/report_phish/ * report the link to Symantec: https://submit.symantec.com/antifraud/phish.cgi * report the message and link to PhishTank: https://www.phishtank.com/index.php * report the message to the REN-ISAC "chum" project: phish () ren-isac net<mailto:phish () ren-isac net> * report the message to their local IT Security team (who may do all the others) then the cost of "not fooling the others" goes up. Bob Bayn SER 301 (435)797-2396 IT Security Team Office of Information Technology, Utah State University Report any suspicious message by forwarding it as an attachments (ctrl-alt-F in Outlook) to phish () usu edu<mailto:phish () usu edu>. The attachment format preserves hidden delivery header information that is helpful for reporting or blocking. Do you know the "Skeptical Hover Technique" and how to tell where a web link really goes? See: https://it.usu.edu/computer-security/computer-security-threats/articleID=23737<%20https:/it.usu.edu/computer-security/computer-security-threats/articleID=23737>
Current thread:
- Phishing and Security Awareness Training - Faculty Sburlea, Stefan (Apr 12)
- Re: Phishing and Security Awareness Training - Faculty Paul Chauvet (Apr 13)
- Re: Phishing and Security Awareness Training - Faculty Sburlea, Stefan (Apr 13)
- Re: Phishing and Security Awareness Training - Faculty Bob Bayn (Apr 13)
- Re: Phishing and Security Awareness Training - Faculty Manjak, Martin (Apr 14)
- Re: Phishing and Security Awareness Training - Faculty Bob Bayn (Apr 14)
- Re: Phishing and Security Awareness Training - Faculty Sburlea, Stefan (Apr 14)
- Re: Phishing and Security Awareness Training - Faculty Sburlea, Stefan (Apr 14)
- Re: Phishing and Security Awareness Training - Faculty Paul Chauvet (Apr 13)
- <Possible follow-ups>
- Re: Phishing and Security Awareness Training - Faculty Valerie Vogel (Apr 12)
- Re: Phishing and Security Awareness Training - Faculty Sburlea, Stefan (Apr 12)
- Re: Phishing and Security Awareness Training - Faculty Valerie Vogel (Apr 12)
- Re: Phishing and Security Awareness Training - Faculty Sburlea, Stefan (Apr 13)
- Re: Phishing and Security Awareness Training - Faculty Melanie Lever (Apr 13)
- Re: Phishing and Security Awareness Training - Faculty Sburlea, Stefan (Apr 13)
- Re: Phishing and Security Awareness Training - Faculty Burke, Ian R. (Apr 13)
- Re: Phishing and Security Awareness Training - Faculty Sburlea, Stefan (Apr 13)
- Re: Phishing and Security Awareness Training - Faculty Sburlea, Stefan (Apr 12)