Educause Security Discussion mailing list archives
Re: Phishing, compromised account and SPAM
From: Bob Bayn <bob.bayn () USU EDU>
Date: Thu, 3 Apr 2014 15:03:31 +0000
I'll disagree with Pete about the value of a 99% success rate.The "rule of thumb" of a 10% gullibility rate of untrained populations suggested that a 1% gullibility rate is a significant improvement. Just ask your email admin and support staff if they would appreciate a 90% reduction in the time they spend on recovery from hosting phish attacks. In the data I see here from following the phish problem closely, I note that some people are on the spammers lists and some aren't. Once you train an actual recipient to be skeptical, either by victimhood or by awareness, they will have a much greater than 99% chance of rejecting the subsequent phishes they receive. I've reported 8 different phish links received here so far this morning. Bob Bayn SER 301 (435)797-2396 IT Security Team Office of Information Technology, Utah State University Do you know the "Skeptical Hover Technique" and how to tell where a web link really goes? See: https://it.usu.edu/computer-security/computer-security-threats/articleID=23737 ________________________________________ From: The EDUCAUSE Security Constituent Group Listserv [SECURITY () LISTSERV EDUCAUSE EDU] on behalf of Pete Hickey [pete () SHADOWS UOTTAWA CA] Sent: Thursday, April 03, 2014 8:34 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Phishing, compromised account and SPAM On Thu, Apr 03, 2014 at 01:18:16AM -0700, Joseph Tam wrote:
The problem I see with most educational campaigns is that they tend to preach to the converted. The people most prone to succumbing are unaware they are susceptible, and don't go through training since they think they are immune.
Not only that, but any educational campaign is going to have a certain success rate. Let's say that you are able to hit everyone, and you have a 99% success rate. Any organization would love to have that kind of success rate with organizational educational campaigns, but with Phishing, and the amount of it, 99% is not good enough with the population size at most schools. -- Pete Hickey The University of Ottawa Beer is good Ottawa, Ontario but Canada beers are better
Current thread:
- Re: Phishing, compromised account and SPAM, (continued)
- Re: Phishing, compromised account and SPAM JR Ramirez (Apr 02)
- Re: Phishing, compromised account and SPAM Roger A Safian (Apr 02)
- Re: Phishing, compromised account and SPAM JR Ramirez (Apr 02)
- Re: Phishing, compromised account and SPAM Roger A Safian (Apr 02)
- Re: Phishing, compromised account and SPAM JR Ramirez (Apr 02)
- Re: Phishing, compromised account and SPAM Jones, Mark B (Apr 02)
- Re: Phishing, compromised account and SPAM Roger A Safian (Apr 02)
- Re: Phishing, compromised account and SPAM Frahm, Eric J Jr. (Apr 02)
- Re: Phishing, compromised account and SPAM JR Ramirez (Apr 02)
- Re: Phishing, compromised account and SPAM Bob Bayn (Apr 03)
- Re: Phishing, compromised account and SPAM Pete Hickey (Apr 03)
- Re: Phishing, compromised account and SPAM Bob Bayn (Apr 03)