Educause Security Discussion mailing list archives
Re: Phishing stats
From: Matthew Wollenweber <mjw () CYBERWART COM>
Date: Tue, 29 Sep 2009 22:42:27 -0400
I'm new to the academic scene, but having been a consultant -- primarily a pen tester we often had 60% success rates during phishing exercises. Results generally started coming back within 15 minutes. Filters occassionally caused problems, but that just meant we tweaked a little. I can't recall a phishing campaign that ever failed to enable some level of access. The best advice is to assume you have many users compromised by phishing fairly regularly. With that assumption try to build security mechinisms to respond to and mitigate the damage. On Tue, Sep 29, 2009 at 10:32 PM, Pete Hickey <pete () shadows uottawa ca> wrote:
On Tue, Sep 29, 2009 at 10:15:55PM -0400, Joel Rosenblatt wrote:Hi Todd, I think that you may get better results by asking if there are any universities on this list that have NOT be successfully hit by phishing attempts. My guess would be that those do not get any email :-)Phew! I was worried that maybe we were the only one.... FWIW, at our place, we find that those being fooled..... 3 out of 5 are profs... 1 out of 5 staff, and 1 out of 5 students... In spite of the fact that we have something like 10 times as many students as the others combined. -- Pete Hickey Fudds Law: The University of Ottawa If you push something Ottawa, Ontario hard enough Canada It will fall over.
-- Matthew Wollenweber mjw () cyberwart com 240-753-0281
Current thread:
- Phishing stats Plesco, Todd (Sep 29)
- <Possible follow-ups>
- Re: Phishing stats Joel Rosenblatt (Sep 29)
- Re: Phishing stats Pete Hickey (Sep 29)
- Re: Phishing stats Matthew Wollenweber (Sep 29)