Educause Security Discussion mailing list archives

Re: phishing irony

From: Valdis Kletnieks <Valdis.Kletnieks () VT EDU>
Date: Thu, 12 Feb 2009 23:24:25 -0500

On Thu, 12 Feb 2009 09:55:25 CST, "HALL, NATHANIEL D." said:

Why stop sending examples?  To me it seems like a perfect opportunity to
educate those users who responded.


What little gain you get in education is *vastly* outweighed by the fact that
you can no longer say "WE NEVER ASK FOR PASSWORDS IN EMAIL". You might be able
to get that 7-word version to stick in the average user's brain.

You start trolling your users like this, and what they'll *remember* is:

"IT doesn't ask for our passwords in e-mail, except if it's a training event,
oh and didn't I hear from somebody down the hall they'd do it if they lost the
password database and had to rebuild it, just like this e-mail says they're
doing, and 2 or 3 other cases they'd do it even though they usually don't..."

Attachment: _bin
Description:

Current thread:

Re: phishing irony, (continued)
- Re: phishing irony Jesse Thompson (Feb 11)
- Re: phishing irony Tupker, Mike (Feb 11)
- Re: phishing irony Pace, Guy (Feb 11)
- Re: phishing irony Mike Porter (Feb 11)
- Re: phishing irony Gary Flynn (Feb 11)
- Re: phishing irony Paul Crittenden (Feb 12)
- Re: phishing irony Ozzie Paez (Feb 12)
- Re: phishing irony HALL, NATHANIEL D. (Feb 12)
- Re: phishing irony Pete Hickey (Feb 12)
- Re: phishing irony Matthew Gracie (Feb 12)
- Re: phishing irony Valdis Kletnieks (Feb 12)
- Re: phishing irony Gary Flynn (Feb 13)
- Re: phishing irony James (Feb 13)
- Re: phishing irony Ozzie Paez (Feb 13)
- Re: phishing irony Falcon, Patricia (Feb 13)
- Re: phishing irony HALL, NATHANIEL D. (Feb 13)
- Re: phishing irony Leo Song (Feb 13)
- Re: phishing irony Ozzie Paez (Feb 13)
- Re: phishing irony Chris Edwards (Feb 13)
- Re: phishing irony Leon DuPree (Feb 13)
- Re: phishing irony Zach Jansen (Feb 13)

(Thread continues...)