Educause Security Discussion mailing list archives
Re: SECURITY Digest - 3 Sep 2014 to 4 Sep 2014 (#2014-144)
From: Rich Graves <rgraves () CARLETON EDU>
Date: Fri, 5 Sep 2014 10:34:46 -0400
Our simulated phish goes to a simulated "this site has been blackholed" page, like http://testing.carleton-edu.com/ If you want to see who will give up credentials, you could defer the "blocked" page to the form action. You need management support and you shouldn't deny what you've done, but I don't see a reason to take credit in any way. This is not an IRB activity. It's a bit dishonest, but seriously cuts down on user complaints. It also teaches what to do (nothing) when they get a real phish whose collection site we have blocked. -- Rich Graves
Current thread:
- Re: SECURITY Digest - 3 Sep 2014 to 4 Sep 2014 (#2014-144) John Forker (Sep 05)
- Re: SECURITY Digest - 3 Sep 2014 to 4 Sep 2014 (#2014-144) Ben Woelk (Sep 05)
- <Possible follow-ups>
- Re: SECURITY Digest - 3 Sep 2014 to 4 Sep 2014 (#2014-144) Rich Graves (Sep 05)