Educause Security Discussion mailing list archives
Re: Phishing your users
From: Daniel Robert Adinolfi <dra1 () CORNELL EDU>
Date: Wed, 18 Feb 2015 15:24:55 +0000
On Feb 18, 2015, at 10:06 AM, "Hillhouse, Bob (Bob)" <bob () UTK EDU> wrote:
We are interested in this as well. I’ve considered a “Phish-Bowl” website where I post real examples of phishing emails that we’ve received as well as images of some of the standard bank or delivery service emails. It is one of the most prevalent forms of unintentional insider misuse we see.
In addition to a "Phish Bowl", consider also having a site that lists verified communications from your administration, HR, etc. (This site should be locked down to your community, so the bad guys don't use the samples there for more sophisticated spear phishing.) We have such a site so people can check on an official-looking message before reporting it (erroneously) as a phish. The hard part is training your administrators to send messages to your office ahead of time to add legit messages before they get sent. (Once these two components are in place, the truly hardest part is training folks to check those sites before inundating your support email queues with "I saw this phish and I wanted to share it with you and I tried to send it but your mail system blocked it so how can I report this phish if you won't let it get sent".)

-Dan
_______________________
Daniel Adinolfi, CISSP
Senior Security Engineer, IT Security Office
Cornell University - Office of the CIO
email: dra1 () cornell edu
phone: 607-255-7657