Re: Repeat offenders during phishing campaign

[Greg Williams <gwillia5 () UCCS EDU>]

While I'm not technically in my IT security department anymore - I still always have that hat on, so that being said, 
here's my response.  I think phishing campaigns work when they are used for training purposes.  The moment that you 
single out people, IT now becomes a spy entity and you lose trust with not only the individuals who you singled as 
repeat offenders, but everyone who the repeat offenders also then tell.

When CU first started phishing campaigns years ago, it was specifically stated that absolutely no one, with the 
exception of the person running the campaign know, who fell for it.  This keeps trust intact in my opinion.

Real phishing compromises are different and they should be talked to and singled out because there are consequences.

Greg Williams, ME
Director of Networks and Infrastructure
Information Technology

Adjunct Faculty
Department of Computer Science - College of Engineering and Applied Science

University of Colorado Colorado Springs
1420 Austin Bluffs Parkway, (EPC 136A)
Colorado Springs, CO 80918
Phone: (719) 255-3292
www.uccs.edu<http://www.uccs.edu/>

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Rob 
Milman
Sent: Tuesday, March 21, 2017 10:30 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Repeat offenders during phishing campaign

Hi everyone,

We have been running a phishing campaign since last fall. There have been a small number of repeat offenders, which our 
vendor has identified as high-risk individuals. Have any of you dealt with this situation and developed a process that 
you'd like to share?

Thanks,

Rob

[cid:image004.png@01D18F19.9217E950]

Rob Milman
Security & Compliance Analyst
Information Systems

Southern Alberta Institute of Technology
EH Crandell Building, GA 214
1301 - 16 Avenue NW, Calgary AB, T2M 0L4

(Office) 403.774.5401  (Cell) 403.606.3173
rob.milman () sait ca<mailto:rob.milman () sait ca>