Educause Security Discussion mailing list archives
Re: Phishing stats
From: James C Farr '05 <jfarr () UTICA EDU>
Date: Thu, 22 Oct 2009 14:44:37 -0400
I have a question about slightly different stats. Does anyone keep track of how many phishing attempts hit the email server each month, how many actually make it to the users inbox, how many users respond to these scams, and how many users reveal their personal information. I make a difference because sometimes I have users so reply to these messages just to tell them to go fly a kite. We currently rely on self reporting. However, when a user's email account starts sending out a large amount of email it gives us something to look into so it is not entirely self reporting on the successful phishing end. James Farr Utica College -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Matthew Wollenweber Sent: Tuesday, September 29, 2009 10:42 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Phishing stats I'm new to the academic scene, but having been a consultant -- primarily a pen tester we often had 60% success rates during phishing exercises. Results generally started coming back within 15 minutes. Filters occassionally caused problems, but that just meant we tweaked a little. I can't recall a phishing campaign that ever failed to enable some level of access. The best advice is to assume you have many users compromised by phishing fairly regularly. With that assumption try to build security mechinisms to respond to and mitigate the damage. On Tue, Sep 29, 2009 at 10:32 PM, Pete Hickey <pete () shadows uottawa ca> wrote:
On Tue, Sep 29, 2009 at 10:15:55PM -0400, Joel Rosenblatt wrote:Hi Todd, I think that you may get better results by asking if there are any universities on this list that have NOT be successfully hit by phishing attempts. My guess would be that those do not get any email :-)Phew! I was worried that maybe we were the only one.... FWIW, at our place, we find that those being fooled..... 3 out of 5 are profs... 1 out of 5 staff, and 1 out of 5 students... In spite of the fact that we have something like 10 times as many students as the others combined. -- Pete Hickey Fudds Law: The University of Ottawa If you push something Ottawa, Ontario hard enough Canada It will fall over.
-- Matthew Wollenweber mjw () cyberwart com 240-753-0281
Current thread:
- Re: Phishing stats James C Farr '05 (Oct 22)