Educause Security Discussion mailing list archives

Re: Self-Phishing - show of hands

From: Stefan Wahe <stefan.wahe () WISC EDU>
Date: Thu, 11 Feb 2016 16:40:56 +0000

We run phish tests against all staff of our central IT department (700 employees) and employees in our Medical School.  
We are expanding to other departments as well as providing an Opt-In service for students, staff and faculty who want 
to participate in a phishing awareness program. 
Phishline (http://www.phishline.com/)
We having been phishing central IT staff since March 2013. 
From:  The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of Dennis Duncan 
<dduncan () CORD EDU>
Reply-To:  The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU>
Date:  Thursday, February 11, 2016 at 10:23 AM
To:  "SECURITY () LISTSERV EDUCAUSE EDU" <SECURITY () LISTSERV EDUCAUSE EDU>
Subject:  Re: [SECURITY] Self-Phishing - show of hands

1.      We run phish tests against all employee accounts, Faculty & Staff

2.      KnowBe4.com

3.      Since the start of the school year, September 2015

Along with the phishing email campaigns, we also have employees go through KnowBe4’s security awareness training.  This 
training has been very well received by our community.

-- 

Dennis Duncan, CISSP

Director, IT Infrastructure Services

Information Security Officer

CONCORDIA COLLEGE│901 8TH ST S│MOORHEAD, MN 56562

ph: 218.299.4192 │dduncan () cord edu│www.cord.edu

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Eric 
Weakland
Sent: Thursday, February 11, 2016 9:38 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Self-Phishing - show of hands

Greetings,

I'm working on a publication on self phishing for HEISC and preparing to leverage our self-phishing service (SANS) in 
the coming year.  I am trying to develop a list of universities who are doing "self phishing". 

If your institution is self phishing your community - would you mind dropping me a note with the following items.

Who are you phishing? (Select groups, All Staff, All Faculty, All Students, everyone etc.)
What are you using? (Vendor, custom or opensource and the name of the vendor or project.)
How long have you been phishing your customers?

Thanks everyone!

Regards, 

Eric Weakland, CISSP, CISM, CRISC
Director, Information Security
Office of Information Technology 
American University
eric at american.edu
202.885.2241

_____________________________________________
Emails from IT asking you to log in with a link are scams!

Attachment: smime.p7s
Description:

Current thread:

Self-Phishing - show of hands Eric Weakland (Feb 11)
- Re: Self-Phishing - show of hands Kevin P. Sale (Feb 11)
  - Re: Self-Phishing - show of hands Eric Weakland (Feb 11)
- Re: Self-Phishing - show of hands Jeff Choo (Feb 11)
- Re: Self-Phishing - show of hands Feehan, Patrick (Feb 11)
  - Re: Self-Phishing - show of hands Eric Weakland (Feb 11)
- Re: Self-Phishing - show of hands Dennis Duncan (Feb 11)
  - Re: Self-Phishing - show of hands Stefan Wahe (Feb 11)
  - Re: Self-Phishing - show of hands Christine Streeter (Feb 11)
    - Re: Self-Phishing - show of hands Jenny Blaine (Feb 11)
    - Re: Self-Phishing - show of hands Sol Bermann (Feb 12)
- Re: Self-Phishing - show of hands Melanie Lever (Feb 12)
- Re: Self-Phishing - show of hands George Moore (Feb 16)
- Re: Self-Phishing - show of hands Paul Chauvet (Feb 17)