Educause Security Discussion mailing list archives
Re: phishing irony
From: James <security () CYCLOHEXANE NET>
Date: Fri, 13 Feb 2009 13:52:09 -0000
Maybe I've missed your point entirely, but sending out your own phish emails to see who replies doesn't change the "IT dept. will never ask for my password" rule. People are not supposed to reply, the rule still holds. Anyone who does reply hasn't followed the rule and you get to know about it and educate them before they reply to a real phish. James -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Valdis Kletnieks Sent: Friday, February 13, 2009 4:24 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] phishing irony On Thu, 12 Feb 2009 09:55:25 CST, "HALL, NATHANIEL D." said:
Why stop sending examples? To me it seems like a perfect opportunity to educate those users who responded.
What little gain you get in education is *vastly* outweighed by the fact that you can no longer say "WE NEVER ASK FOR PASSWORDS IN EMAIL". You might be able to get that 7-word version to stick in the average user's brain. You start trolling your users like this, and what they'll *remember* is: "IT doesn't ask for our passwords in e-mail, except if it's a training event, oh and didn't I hear from somebody down the hall they'd do it if they lost the password database and had to rebuild it, just like this e-mail says they're doing, and 2 or 3 other cases they'd do it even though they usually don't..."
Current thread:
- Re: phishing irony, (continued)
- Re: phishing irony Pace, Guy (Feb 11)
- Re: phishing irony Mike Porter (Feb 11)
- Re: phishing irony Gary Flynn (Feb 11)
- Re: phishing irony Paul Crittenden (Feb 12)
- Re: phishing irony Ozzie Paez (Feb 12)
- Re: phishing irony HALL, NATHANIEL D. (Feb 12)
- Re: phishing irony Pete Hickey (Feb 12)
- Re: phishing irony Matthew Gracie (Feb 12)
- Re: phishing irony Valdis Kletnieks (Feb 12)
- Re: phishing irony Gary Flynn (Feb 13)
- Re: phishing irony James (Feb 13)
- Re: phishing irony Ozzie Paez (Feb 13)
- Re: phishing irony Falcon, Patricia (Feb 13)
- Re: phishing irony HALL, NATHANIEL D. (Feb 13)
- Re: phishing irony Leo Song (Feb 13)
- Re: phishing irony Ozzie Paez (Feb 13)
- Re: phishing irony Chris Edwards (Feb 13)
- Re: phishing irony Leon DuPree (Feb 13)
- Re: phishing irony Zach Jansen (Feb 13)
- Re: phishing irony Valdis Kletnieks (Feb 13)
- Re: phishing irony HALL, NATHANIEL D. (Feb 13)
(Thread continues...)