Educause Security Discussion mailing list archives

Re: FYI: Another round of spear Phishing


From: Bob Bayn <Bob.Bayn () USU EDU>
Date: Thu, 19 Jun 2008 09:51:18 -0600

Dean Halter wrote:
> I certainly agree that no one wants to look the fool.  It's just that the
> folks that are going to fall for the test would probably also fall for a
> scam.  I am curious to hear what others think of using "deception" to
> educate.

My educational experience is replete with "trick questions" on
exams I took.  The ones that tricked me are the ones I remember
best.

I am beginning the discussions here about constructing a phake
phish as an awareness device.  We'll see who we get on board with
the idea and how we might deploy it.  I'm thinking of a limited
phish spam at some of our employees, and a little followup in
the student paper (which will probably get picked up by the news-
starved local paper) and then maybe a followup phish spam to some
students in the fall, with more publicity followup.

One question is which kind of "phish" to use as a model: 1) the
one that asks for an email password by return email or 2) one
that directs the user to a look-alike website at a clearly bogus
URL.  We've been getting a LOT of the email reply variety lately.

--
Bob Bayn  ride-a-bike (435)797-2396
Network Security Team coordinator
Office of Information Technology
Utah State University
