Educause Security Discussion mailing list archives

Re: Phishing your users

From: Sol Bermann <solb () UMICH EDU>
Date: Wed, 18 Feb 2015 10:21:38 -0500

We have refrained from phishing our own users due to trust issues down the
road.  That said, we are potentially considering it for certain pockets of
users.

We provide examples of real phishes here -
http://www.safecomputing.umich.edu/main/phishing_alerts/spear-phish-examples.php

Sol Bermann
Interim University of Michigan Chief Information Security Officer
Privacy Officer and IT Policy, Compliance and Enterprise Continuity
Strategist
ITS - Information & Infrastructure Assurance
University of Michigan

734/615-9661
solb () umich edu



On Wed, Feb 18, 2015 at 10:06 AM, Hillhouse, Bob (Bob) <bob () utk edu> wrote:

  We are interested in this as well. I’ve considered a “Phish-Bowl”
website where I post real examples of phishing emails that we’ve received
as well as images of some of the standard bank or delivery service emails.
It is one of the most prevalent forms of unintentional insider misuse we
see.

 Bob

 —
Bob Hillhouse, CISSP
Associate CIO & Chief Information Security Officer
The University of Tennessee, Knoxville
bob () utk edu
865-406-8981 (cell)
865-974-8445 (office)

 Keep your NetID information secure. Don't reply to any email that asks
for your personal information. Report any suspicious requests to the OIT
HelpDesk at (865) 974-9900.

  From: <Fowler>, Becky Thurmond
Reply-To: The EDUCAUSE Security Constituent Group Listserv
Date: Wednesday, February 18, 2015 at 9:58 AM
To: The EDUCAUSE Security Constituent Group Listserv
Subject: [SECURITY] Phishing your users

  We’ve tossed around the idea of phishing our users (as an
awareness/education activity) for the past few years.  I’m ready to make
another push to upper management to move forward with this project but I
was wondering if anyone had any war stories (good or bad) to share before I
make my pitch.


Thanks!



*Becky Thurmond Fowler*

Manager, Security Assessments & Incident Response

Division of IT – Information Security & Access Management

University of Missouri-Columbia

becky () missouri edu

573.882.5182

Current thread:

Phishing your users Fowler, Becky Thurmond (Feb 18)
- Re: Phishing your users Brad Judy (Feb 18)
  - Re: Phishing your users Jeffrey Sabin (Feb 18)
  - Re: Phishing your users Ben Woelk (Feb 18)
- <Possible follow-ups>
- Re: Phishing your users Hillhouse, Bob (Bob) (Feb 18)
  - Re: Phishing your users Sol Bermann (Feb 18)
    - Re: Phishing your users David Escalante (Feb 18)
    - Re: Phishing your users Andrew Lawlor (Feb 18)
  - Re: Phishing your users Daniel Robert Adinolfi (Feb 18)