Educause Security Discussion mailing list archives

Re: Phishing Links

From: Ben Woelk <fbwis () RIT EDU>
Date: Wed, 7 Jul 2010 21:30:03 -0400

Marty,
Do you include alumni in your "phishing education" efforts? I'm curious as to whether they're "in scope" for your 
office, and if so, how you're engaging them. I do a seminar every fall for alumni at our Brick City event, but that 
hardly scratches the surface.
Ben Woelk '07

Policy and Awareness Analyst
Information Security Office
Rochester Institute of Technology
Ross 10-A204
151 Lomb Memorial Drive
Rochester, New York 14623

585.475.4122
585.475.7920 fax
ben.woelk () rit edu
http://security.rit.edu/dsd.html

Become a fan of RIT Information Security at http://rit.facebook.com/profile.php?id=6017464645

Follow us on Twitter: http://twitter.com/RIT_InfoSec

________________________________________
From: The EDUCAUSE Security Constituent Group Listserv [SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Martin Manjak 
[mm376 () ALBANY EDU]
Sent: Wednesday, July 07, 2010 5:09 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Phishing Links

Our recent experience is that those individuals who are most susceptible
to theses types of social engineering attacks are those who recently
left the University, i.e., grad students who were employed, graduating
seniors, temporary appointments either on the academic or professional side.

They look at phishing messages from a completely different point of view
than the general population. They may have a rather tenuous relationship
to the institution to begin with. To them, the loss of their University
account could happen, and for whatever reason, they are vulnerable to
those messages that threaten its loss. To avoid that, they respond to
the phish. Ironically, this results in the very thing they want to prevent.
Marty


On 7/7/2010 4:34 PM, Pete Hickey wrote:

The problem with this is why phishing is successful.

MOST people are not fooled.  The people who would go to such a web
site for verification are those who would not be fooled.  It is
the outer edges of the bell curve that are getting caught,and these
people would most likely not visit such a page for verification.



--
Martin Manjak
Information Security Officer
University at Albany
CISSP, GSEC, GCWN

Current thread:

Re: Phishing Links, (continued)
- - Re: Phishing Links Basgen, Brian (Jul 07)
    - Re: Phishing Links James Farr '05 (Jul 07)
    - Re: Phishing Links Jeff Kell (Jul 07)
- Re: Phishing Links Justin Azoff (Jul 07)
  - Re: Phishing Links David Escalante (Jul 07)
- Re: Phishing Links Eric Case (Jul 07)
  - Re: Phishing Links Joel Rosenblatt (Jul 07)
- Re: Phishing Links Flynn, Gary - flynngn (Jul 07)
  - Re: Phishing Links Pete Hickey (Jul 07)
    - Re: Phishing Links Martin Manjak (Jul 07)
    - Re: Phishing Links Ben Woelk (Jul 07)
    - Re: Phishing Links Martin Manjak (Jul 20)
    - Windows 0-day David Opitz (Jul 21)
    - Re: Windows 0-day Greg Williams (Jul 21)
    - Re: Windows 0-day Greg Williams (Jul 27)
  - Re: Phishing Links Ben Woelk (Jul 07)
    - Re: Phishing Links Flynn, Gary - flynngn (Jul 07)
- Re: Phishing Links Greg Vickers (Jul 07)
  - Re: Phishing Links James Farr '05 (Jul 08)