Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: FYI: Another round of spear Phishing

From: Cal Frye <cjf () CALFRYE COM>
Date: Thu, 19 Jun 2008 11:23:11 -0400
Matthew Gracie wrote:

Koerber, Jeff wrote:

Since our spam filters don't seem to be working for these Phishing
attempts, education is the only other alterative.  I was thinking
about sending out a phony phishing message to all students.



I suggested something like this to our CIO last year, and he pointed out
(rightly) that if we do something like this we're going to lose a huge
amount of credibility with our user base.


I've been wrestling with this idea myself for a bit. I think if the end
result of clicking on the phish links is educational, not abusive, you
can get away with it.

We always tell our folks what distinguishes legit messages from phish,
and you need to make sure that any "pseudophish" you send follow the
criteria. I still think it can be done with care without risking your
credibility, but a lot rides on what happens when the fish take the bait.

--
Regards,
-- Cal Frye, Network Administrator, Oberlin College

   www.calfrye.com,  www.pitalabs.com


"Every hour I live I become an intenser devotee to common sense! --Alice
James.
Previous By Date Next
Previous By Thread Next

Current thread: