Educause Security Discussion mailing list archives
Re: Repeat offenders during phishing campaign
From: "McCrary, Barbara" <bmccrary () OSRHE EDU>
Date: Tue, 21 Mar 2017 17:14:11 +0000
I find that a discreet discussion one on one with the offenders goes a long way to improving their education. I make the conversation an indictment against the criminals that cause these concerns and solicit their support and help to combat the insidious and constant attack on "our" intelligence. Soon I have an ally in the ranks that, rather than falling for the phishing, actually begins reporting them to me. Then I strengthen the alliances by sending out the alert on the phishing they reported. I do this whether it is a campaign or not.

I inform people about the characteristics of the phishing and ask people to report what they see. I then give credit to the first reporter and call them our network guardian (this changes up) for today. People get very engaged in helping to protect the network if they feel they can actually be a help. Pretty soon you have a very savvy workforce that works with you, not against you.

I offer consistent reminders throughout the month, at least one a month that gives users tools that help them recognize phishing. I target my alerts sometimes, especially if it is going to affect a particular group such as HR or Finance.

Barbara McCrary
Chief Information Security Officer
MCSE, MCSE:Security, +Messaging, CompTia:Security+
bmccrary () osrhe edu

Protecting data is a shared responsibility!
INSTALL antivirus and antispyware software.
USE strong passwords.
KNOW who you are dealing with online.
STORE confidential and sensitive data on encrypted devices only.
SHUT DOWN home computers or disconnect from the Internet when not in use.

Oklahoma State Regents for Higher Education
655 Research Parkway
Suite 200
Oklahoma City, OK 73104
405 225.9316 office
405 234.4321 cell
405 234.4588 fax

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Greg Williams
Sent: Tuesday, March 21, 2017 12:06 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Repeat offenders during phishing campaign

While I'm not technically in my IT security department anymore - I still always have that hat on, so that being said, here's my response.

I think phishing campaigns work when they are used for training purposes. The moment that you single out people, IT now becomes a spy entity and you lose trust with not only the individuals who you singled as repeat offenders, but everyone who the repeat offenders also then tell. When CU first started phishing campaigns years ago, it was specifically stated that absolutely no one, with the exception of the person running the campaign, knows who fell for it. This keeps trust intact in my opinion.

Real phishing compromises are different and they should be talked to and singled out because there are consequences.

Greg Williams, ME
Director of Networks and Infrastructure
Information Technology
Adjunct Faculty
Department of Computer Science - College of Engineering and Applied Science
University of Colorado Colorado Springs
1420 Austin Bluffs Parkway, (EPC 136A)
Colorado Springs, CO 80918
Phone: (719) 255-3292
www.uccs.edu

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Rob Milman
Sent: Tuesday, March 21, 2017 10:30 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Repeat offenders during phishing campaign

Hi everyone,

We have been running a phishing campaign since last fall. There have been a small number of repeat offenders, which our vendor has identified as high-risk individuals. Have any of you dealt with this situation and developed a process that you'd like to share?

Thanks,
Rob

Rob Milman
Security & Compliance Analyst
Information Systems
Southern Alberta Institute of Technology
EH Crandell Building, GA 214
1301 - 16 Avenue NW, Calgary AB, T2M 0L4
(Office) 403.774.5401
(Cell) 403.606.3173
rob.milman () sait ca