Educause Security Discussion mailing list archives

Re: Phishing, compromised account and SPAM


From: Bob Bayn <bob.bayn () USU EDU>
Date: Thu, 3 Apr 2014 15:03:31 +0000

I'll disagree with Pete about the value of a 99% success rate.  The "rule of thumb" of a 10% gullibility rate of 
untrained populations suggested that a 1% gullibility rate is a significant improvement.  Just ask your email admin and 
support staff if they would appreciate a 90% reduction in the time they spend on recovery from hosting phish attacks.  

In the data I see here from following the phish problem closely, I note that some people are on the spammers' lists and 
some aren't.  Once you train an actual recipient to be skeptical, either by victimhood or by awareness, they will have 
a much greater than 99% chance of rejecting the subsequent phishes they receive.

I've reported 8 different phish links received here so far this morning.


Bob Bayn      SER 301      (435)797-2396    IT Security Team
Office of Information Technology,         Utah State University
    Do you know the "Skeptical Hover Technique" and
    how to tell where a web link really goes?  See:
    https://it.usu.edu/computer-security/computer-security-threats/articleID=23737


________________________________________
From: The EDUCAUSE Security Constituent Group Listserv [SECURITY () LISTSERV EDUCAUSE EDU] on behalf of Pete Hickey 
[pete () SHADOWS UOTTAWA CA]
Sent: Thursday, April 03, 2014 8:34 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Phishing, compromised account and SPAM

On Thu, Apr 03, 2014 at 01:18:16AM -0700, Joseph Tam wrote:

The problem I see with most educational campaigns is that they tend to
preach to the converted.  The people most prone to succumbing are
unaware they are susceptible, and don't go through training since they
think they are immune.

Not only that, but any educational campaign is going to have a certain
success rate.  Let's say that you are able to hit everyone, and you
have a 99% success rate.  Any organization would love to have that kind
of success rate with organizational educational campaigns, but with
Phishing, and the amount of it, 99% is not good enough with the population
size at most schools.


--
Pete Hickey
The University of Ottawa             Beer is good
Ottawa, Ontario                              but
Canada                               beers are better

