Educause Security Discussion mailing list archives

Re: Self-Phishing - show of hands


From: "Kevin P. Sale" <Kevin.Sale () KAUST EDU SA>
Date: Thu, 11 Feb 2016 15:51:04 +0000

We phish our entire organization on a rolling schedule of click-only, attachment and credential submission emails every 
6-9 months. We also phish all new starters.
The program has been running for just over 2 years now.
We're using PhishMe and we are very happy with it.

We have found it a very effective awareness tool, with some of our top leadership being both the most susceptible to 
our tests and then most supportive.

Work with HR and Legal when planning the program to make sure you don't upset anyone too much and to also provide you 
some cover when inevitably you catch a whale and they start complaining.

Kevin Sale.


Sent from mobile device. Please excuse the brevity and any spelling mistakes.

_____________________________
From: Eric Weakland <eric () american edu>
Sent: Thursday, February 11, 2016 6:38 PM
Subject: [SECURITY] Self-Phishing - show of hands
To: <security () listserv educause edu>


Greetings,

I'm working on a publication on self-phishing for HEISC and preparing to leverage our self-phishing service (SANS) in 
the coming year. I am trying to develop a list of universities who are doing "self-phishing".

If your institution is self-phishing your community, would you mind dropping me a note with the following items?

Who are you phishing? (Select groups, All Staff, All Faculty, All Students, everyone, etc.)
What are you using? (Vendor, custom or open source, and the name of the vendor or project.)
How long have you been phishing your customers?

Thanks everyone!

Regards,

Eric Weakland, CISSP, CISM, CRISC
Director, Information Security
Office of Information Technology
American University
eric at american.edu
202.885.2241

_____________________________________________
Emails from IT asking you to log in with a link are scams!

