Educause Security Discussion mailing list archives
Re: phishing irony
From: Ozzie Paez <ozpaez () SPRYNET COM>
Date: Fri, 13 Feb 2009 08:47:27 -0700
Hey Pat,

I am pretty sure that this is the company. I believe that they were either called something different or spun out of a different security company. I remember their lead person saying that they were reorganizing that aspect of what they did to make it easier for clients to get the service.

Ozzie Paez
SSE/CISSP
SAIC
303-332-5363

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Falcon, Patricia
Sent: Friday, February 13, 2009 8:05 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] phishing irony

This sounds like the company Phishme (http://phishme.com/), which launched a service like this last summer. Has anyone had any experience with their product or similar software?

Pat Falcon
IT Security Policy and Communication Coordinator
Computing and Information Services || Information Security Group
Brown University

-----Original Message-----
From: Ozzie Paez [mailto:ozpaez () SPRYNET COM]
Sent: Thursday, February 12, 2009 10:45 AM
Subject: Re: phishing irony

One of the more useful and interesting approaches to awareness and training that I have seen involved a company that would come into the organization and create a fake web site that looked similar to the real one. They would then send out phishing messages to the 'target' population and track the response. When someone used the fake link to log on, they would get a message telling them in a nice, funny, serious (pick your style) way that they 'got phished'; the message would explain the implications, policies and provide a training link. The statistics from the program would then be provided to the client so that they could track how well their users were doing in avoiding phishing attacks. While I could not independently verify it, they claimed that the approach improved the effectiveness of security training in this area by over 85%.

Anyway, this sounds like a fairly simple and low cost method to assess how well users are doing avoiding phishing attacks and for measuring training performance. My guess is that it could also be done in-house without much effort.

Ozzie Paez
SSE/CISSP
SAIC
303-332-5363