Educause Security Discussion mailing list archives
Re: FYI: Another round of spear Phishing
From: Matthew Gracie <graciem () CANISIUS EDU>
Date: Thu, 19 Jun 2008 09:54:18 -0400
Koerber, Jeff wrote:
Since our spam filters don't seem to be working for these Phishing attempts, education is the only other alterative. I was thinking about sending out a phony phishing message to all students. It would direct users to a lighthearted website (entitled "You shouldn't have clicked on this link") and it would educate them about Phishing and let them know that we would never ask for their password and how they should never give out their password to anyone. That will target the people we want to receive the message. Has anyone tried something like this? Do you think it is a good idea? I could see some saying that they were upset to find out that we were behind this stunt.
I suggested something like this to our CIO last year, and he pointed out (rightly) that if we do something like this we're going to lose a huge amount of credibility with our user base. For example, right now we're starting an AD deployment, and for various reasons I won't get into here we need our users who are testing it to reset their passwords with a web app. I don't think they'd be so willing to respond to a legitimate request like this if they thought we were testing them again. Nobody likes to be painted as a fool. --Matt -- Matt Gracie (716) 888-8378 Information Security Administrator graciem () canisius edu Canisius College ITS Buffalo, NY http://www2.canisius.edu/~graciem/graciem_public_key.gpg
Current thread:
- Re: FYI: Another round of spear Phishing, (continued)
- Re: FYI: Another round of spear Phishing Basgen, Brian (Jun 12)
- Re: FYI: Another round of spear Phishing Bob Bayn (Jun 12)
- Re: FYI: Another round of spear Phishing Gregg, Christopher S. (Jun 12)
- Re: FYI: Another round of spear Phishing Koerber, Jeff (Jun 12)
- Re: FYI: Another round of spear Phishing Jenkins, Matthew (Jun 12)
- Re: FYI: Another round of spear Phishing Paul Russell (Jun 12)
- Re: FYI: Another round of spear Phishing Robin Polak (Jun 17)
- Re: FYI: Another round of spear Phishing ram smith (Jun 17)
- Re: FYI: Another round of spear Phishing Gary Warner (Jun 17)
- Re: FYI: Another round of spear Phishing Cal Frye (Jun 18)
- Re: FYI: Another round of spear Phishing Matthew Gracie (Jun 19)
- Re: FYI: Another round of spear Phishing Cal Frye (Jun 19)
- Re: FYI: Another round of spear Phishing Dean Halter (Jun 19)
- Re: FYI: Another round of spear Phishing Bob Bayn (Jun 19)
- Re: FYI: Another round of spear Phishing Curt Wilson (Jun 19)
- Re: FYI: Another round of spear Phishing Mclaughlin, Kevin (mclaugkl) (Jun 19)
- Re: FYI: Another round of spear Phishing Dean Halter (Jun 19)
- Re: FYI: Another round of spear Phishing Jesse Thompson (Jun 27)