Educause Security Discussion mailing list archives
Re: Self-Phishing - Pre Launch Messages
From: Rob Milman <rob.milman () SAIT CA>
Date: Tue, 15 Nov 2016 12:22:18 -0700
Hi James, We have just started our phishing campaign for this year. We use SANS STH Phishing to conduct the campaign. They strongly advised that we send a pre-launch message, which I’ve included for you below. Our CIO also informed our management team about the campaign. Overall the response has been positive. “As you know, we take information security extremely seriously. Starting next month we will be kicking off phishing assessments. A phishing assessment is nothing more than when we send out an email pretending to be a hacker, these are the very same email attacks that the bad guys are sending. The only difference is these emails will not harm you in any way, they are only designed to measure behaviors and help you learn how to identify these scams and protect yourself. A couple of key points: * We will be sending out these emails once a month, on a random day and time. Each month will be different. * If you fall victim to one of these phishing emails you will be notified immediately. However, your name is not reported to management or anyone on the security team, it will not impact you in anyway. This training is designed to help you learn. * Twenty-four hours after each assessment we will send an email out to everyone explaining the attack and how you could have figured out the email was a scam or attack. If you have any questions about this program or suggestions on how to improve it, please contact (insert your name here) . He is responsible for (insert Institution name here) security awareness program and will be happy to hear from you.” Thanks, Rob From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of James Farr Sent: Tuesday, November 15, 2016 9:20 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Self-Phishing - Pre Launch Messages We are exploring self-phishing options with our faculty staff and possible students. We want to provide notification to the users about the program before we send any actual phishing messages. We are thinking that notifications should be mentioned at orientation with an annual email reminder. How often do you notify your users about the self-phishing program? Can anyone share examples of campus notifications sent out prior to implementing this type of program? James Farr ’05 G’12 Director of Information Security Utica College jfarr () utica edu<mailto:jfarr () utica edu> 315-223-2386
Current thread:
- Self-Phishing - Pre Launch Messages James Farr (Nov 15)
- Re: Self-Phishing - Pre Launch Messages David D Grisham (Nov 15)
- Re: Self-Phishing - Pre Launch Messages Jimenez, Julio (Nov 15)
- Re: Self-Phishing - Pre Launch Messages Shettler, David (Nov 15)
- Re: Self-Phishing - Pre Launch Messages Rob Milman (Nov 15)
- Re: Self-Phishing - Pre Launch Messages Eric Weakland (Nov 15)
- Re: Self-Phishing - Pre Launch Messages Valerie Vogel (Nov 15)
- Re: Self-Phishing - Pre Launch Messages Sweeney, Sean (Nov 15)
- Re: Self-Phishing - Pre Launch Messages Eric Weakland (Nov 15)
- Re: Self-Phishing - Pre Launch Messages Tamara Bahr (Nov 15)
- Re: Self-Phishing - Pre Launch Messages Valerie Vogel (Nov 15)
- Re: Self-Phishing - Pre Launch Messages James Farr (Nov 15)
- Re: Self-Phishing - Pre Launch Messages David D Grisham (Nov 15)