Educause Security Discussion mailing list archives

Re: Repeat offenders during phishing campaign


From: "McCrary, Barbara" <bmccrary () OSRHE EDU>
Date: Tue, 21 Mar 2017 17:14:11 +0000

I find that a discreet discussion one on one with the offenders goes a long way to improving their education.  I make 
the conversation an indictment against the criminals that cause these concerns and solicit their support and help to 
combat the insidious and constant attack on "our" intelligence.  Soon I have an ally in the ranks that, rather than 
falling for the phishing, actually begins reporting them to me.

Then I strengthen the alliances by sending out the alert on the phishing they reported.  I do this whether it is a 
campaign or not.  I inform people about the characteristics of the phishing and ask people to report what they see. I 
then give credit to the first reporter and call them our network guardian (this changes up) for today.  People get 
very engaged in helping to protect the network if they feel they can actually be a help.  Pretty soon you have a very 
savvy workforce that works with you, not against you.

I offer consistent reminders throughout the month, at least one a month that gives users tools that help them recognize 
phishing.  I target my alerts sometimes, especially if it is going to affect a particular group such as HR or Finance.

Barbara McCrary
Chief Information Security Officer
MCSE, MCSE:Security, +Messaging, CompTia:Security+
bmccrary () osrhe edu

Protecting data is a shared responsibility!

INSTALL antivirus and antispyware software.
USE strong passwords.
KNOW who you are dealing with online.
STORE confidential and sensitive data on encrypted devices only.
SHUT DOWN home computers or disconnect from the Internet when not in use.

Oklahoma State Regents for Higher Education
655 Research Parkway
Suite 200
Oklahoma City, OK  73104
405 225.9316 office
405 234.4321 cell
405 234.4588 fax


From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Greg 
Williams
Sent: Tuesday, March 21, 2017 12:06 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Repeat offenders during phishing campaign

While I'm not technically in my IT security department anymore - I still always have that hat on, so that being said, 
here's my response.  I think phishing campaigns work when they are used for training purposes.  The moment that you 
single out people, IT now becomes a spy entity and you lose trust with not only the individuals who you singled out as 
repeat offenders, but everyone who the repeat offenders also then tell.

When CU first started phishing campaigns years ago, it was specifically stated that absolutely no one, with the 
exception of the person running the campaign, knows who fell for it.  This keeps trust intact in my opinion.

Real phishing compromises are different and they should be talked to and singled out because there are consequences.

Greg Williams, ME
Director of Networks and Infrastructure
Information Technology

Adjunct Faculty
Department of Computer Science - College of Engineering and Applied Science

University of Colorado Colorado Springs
1420 Austin Bluffs Parkway, (EPC 136A)
Colorado Springs, CO 80918
Phone: (719) 255-3292
www.uccs.edu

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Rob 
Milman
Sent: Tuesday, March 21, 2017 10:30 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Repeat offenders during phishing campaign

Hi everyone,

We have been running a phishing campaign since last fall. There have been a small number of repeat offenders, which our 
vendor has identified as high-risk individuals. Have any of you dealt with this situation and developed a process that 
you'd like to share?

Thanks,

Rob

Rob Milman
Security & Compliance Analyst
Information Systems

Southern Alberta Institute of Technology
EH Crandell Building, GA 214
1301 - 16 Avenue NW, Calgary AB, T2M 0L4

(Office) 403.774.5401  (Cell) 403.606.3173
rob.milman () sait ca



