Educause Security Discussion mailing list archives
Re: Self-Phishing - show of hands
From: "Kevin P. Sale" <Kevin.Sale () KAUST EDU SA>
Date: Thu, 11 Feb 2016 15:51:04 +0000
We phish our entire organization on a rolling schedule of click only, attachment and credential submission emails every 6-9 months. We also phish all new starters. The program has been running for just over 2 years now. We're using PhishMe and we are very happy with it. We have found it a very effective awareness tool, with some of our top leadership being both the most susceptible to our tests and then most supportive. Work with HR and Legal when planning the program to make sure you don't upset anyone too much and to also provide you some cover when inevitably you catch a whale and they start complaining. Kevin Sale. Sent from mobile device. Please excuse the brevity and any spelling mistakes. _____________________________ From: Eric Weakland <eric () american edu<mailto:eric () american edu>> Sent: Thursday, February 11, 2016 6:38 PM Subject: [SECURITY] Self-Phishing - show of hands To: <security () listserv educause edu<mailto:security () listserv educause edu>> Greetings, I'm working on a publication on self phishing for HEISC and preparing to leverage our self-phishing service (SANS) in the coming year. I am trying to develop a list of universities who are doing "self phishing". If your institution is self phishing your community - would you mind dropping me a note with the following items. Who are you phishing? (Select groups, All Staff, All Faculty, All Students, everyone etc.) What are you using? (Vendor, custom or opensource and the name of the vendor or project.) How long have you been phishing your customers? Thanks everyone! Regards, Eric Weakland, CISSP, CISM, CRISC Director, Information Security Office of Information Technology American University eric at american.edu<http://american.edu> 202.885.2241<tel:202.885.2241> _____________________________________________ Emails from IT asking you to log in with a link are scams! ________________________________ This message and its contents including attachments are intended solely for the original recipient. If you are not the intended recipient or have received this message in error, please notify me immediately and delete this message from your computer system. Any unauthorized use or distribution is prohibited. Please consider the environment before printing this email.
Current thread:
- Self-Phishing - show of hands Eric Weakland (Feb 11)
- Re: Self-Phishing - show of hands Kevin P. Sale (Feb 11)
- Re: Self-Phishing - show of hands Eric Weakland (Feb 11)
- Re: Self-Phishing - show of hands Jeff Choo (Feb 11)
- Re: Self-Phishing - show of hands Feehan, Patrick (Feb 11)
- Re: Self-Phishing - show of hands Eric Weakland (Feb 11)
- Re: Self-Phishing - show of hands Dennis Duncan (Feb 11)
- Re: Self-Phishing - show of hands Stefan Wahe (Feb 11)
- Re: Self-Phishing - show of hands Christine Streeter (Feb 11)
- Re: Self-Phishing - show of hands Jenny Blaine (Feb 11)
- Re: Self-Phishing - show of hands Sol Bermann (Feb 12)
- Re: Self-Phishing - show of hands Kevin P. Sale (Feb 11)
- Re: Self-Phishing - show of hands Melanie Lever (Feb 12)