Educause Security Discussion mailing list archives
Re: Phishing your users
From: Sol Bermann <solb () UMICH EDU>
Date: Wed, 18 Feb 2015 10:21:38 -0500
We have refrained from phishing our own users due to trust issues down the road. That said, we are potentially considering it for certain pockets of users. We provide examples of real phishes here - http://www.safecomputing.umich.edu/main/phishing_alerts/spear-phish-examples.php Sol Bermann Interim University of Michigan Chief Information Security Officer Privacy Officer and IT Policy, Compliance and Enterprise Continuity Strategist ITS - Information & Infrastructure Assurance University of Michigan 734/615-9661 solb () umich edu On Wed, Feb 18, 2015 at 10:06 AM, Hillhouse, Bob (Bob) <bob () utk edu> wrote:
We are interested in this as well. I’ve considered a “Phish-Bowl” website where I post real examples of phishing emails that we’ve received as well as images of some of the standard bank or delivery service emails. It is one of the most prevalent forms of unintentional insider misuse we see. Bob — Bob Hillhouse, CISSP Associate CIO & Chief Information Security Officer The University of Tennessee, Knoxville bob () utk edu 865-406-8981 (cell) 865-974-8445 (office) Keep your NetID information secure. Don't reply to any email that asks for your personal information. Report any suspicious requests to the OIT HelpDesk at (865) 974-9900. From: <Fowler>, Becky Thurmond Reply-To: The EDUCAUSE Security Constituent Group Listserv Date: Wednesday, February 18, 2015 at 9:58 AM To: The EDUCAUSE Security Constituent Group Listserv Subject: [SECURITY] Phishing your users We’ve tossed around the idea of phishing our users (as an awareness/education activity) for the past few years. I’m ready to make another push to upper management to move forward with this project but I was wondering if anyone had any war stories (good or bad) to share before I make my pitch. Thanks! *Becky Thurmond Fowler* Manager, Security Assessments & Incident Response Division of IT – Information Security & Access Management University of Missouri-Columbia becky () missouri edu 573.882.5182
Current thread:
- Phishing your users Fowler, Becky Thurmond (Feb 18)
- Re: Phishing your users Brad Judy (Feb 18)
- Re: Phishing your users Jeffrey Sabin (Feb 18)
- Re: Phishing your users Ben Woelk (Feb 18)
- <Possible follow-ups>
- Re: Phishing your users Hillhouse, Bob (Bob) (Feb 18)
- Re: Phishing your users Sol Bermann (Feb 18)
- Re: Phishing your users David Escalante (Feb 18)
- Re: Phishing your users Andrew Lawlor (Feb 18)
- Re: Phishing your users Daniel Robert Adinolfi (Feb 18)
- Re: Phishing your users Sol Bermann (Feb 18)
- Re: Phishing your users Brad Judy (Feb 18)