Educause Security Discussion mailing list archives

Re: Phishing and Security Awareness Training - Faculty


From: "Sburlea, Stefan" <sburlea () CHAPMAN EDU>
Date: Thu, 14 Apr 2016 16:57:43 +0000

That is the one thing that phishing and targeted advertising have in common.


Best Regards,

Stefan Sburlea

Chapman University, IS&T
Information Security Specialist
sburlea () chapman edu
Desk Phone: 714-744-7802
Chapman University I One University Drive I Orange, California 92866
UNIVERSITY STAFF WILL NEVER ASK FOR YOUR PASSWORD - DO NOT SHARE YOUR PASSWORD WITH OTHERS!

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Bob Bayn
Sent: Thursday, April 14, 2016 6:01 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Phishing and Security Awareness Training - Faculty


I need to backtrack a comment I made that I realize has an exception:



On Apr 13, 2016, at 16:55, I <bob.bayn () USU EDU> wrote:


Even though we still refer to the "gullible...skeptical...paranoid" continuum in our training, most victims of real 
phish are not actually gullible but are either multi-tasking and not giving the threat enough attention to recognize it 
or the phishing "story" happens to coincide with what is happening in the recipient's life at the moment.  Spamming 
phishers can afford to use a specific story that only rings true with a few of their recipients, because it doesn't 
cost them anything to not fool the others.

They are HOPING that it doesn't cost them anything to not fool the others.  But when those others know a way to 
effectively report the mischief they recognize, that can help thwart the whole attack.  If they know how to do any of:

  *   report the message as spam
  *   report the link to the hosting service abuse address
  *   report the link to Google: https://www.google.com/safebrowsing/report_phish/
  *   report the link to Symantec: https://submit.symantec.com/antifraud/phish.cgi
  *   report the message and link to PhishTank: https://www.phishtank.com/index.php
  *   report the message to the REN-ISAC "chum" project: phish () ren-isac net
  *   report the message to their local IT Security team (who may do all the others)

then the cost of "not fooling the others" goes up.




Bob Bayn      SER 301      (435)797-2396    IT Security Team
Office of Information Technology,         Utah State University

    Report any suspicious message by forwarding it as an
    attachment (ctrl-alt-F in Outlook) to phish () usu edu.
    The attachment format preserves hidden delivery header
    information that is helpful for reporting or blocking.

    Do you know the "Skeptical Hover Technique" and
    how to tell where a web link really goes?  See:
    
    https://it.usu.edu/computer-security/computer-security-threats/articleID=23737
