Educause Security Discussion mailing list archives

Re: Repeat offenders during phishing campaign


From: James Valente <jvalente () SALEMSTATE EDU>
Date: Tue, 21 Mar 2017 20:20:13 +0000

I've inquired about forcing users to attend education training but we're not
allowed to mandate any training like this, especially for faculty.

 

However, we are allowed to request they attend training. I sent out a bunch
of emails to repeat offenders last week with training material, and a little
note hoping the guilt of the workload created by them falling for a phish
(because they only see the inconvenience of having a password reset, not
cleaning up a mess at 11:30pm on a Saturday night) encourages them to check
the material and be more cautious in the future.

 

--James

 

From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Rob Milman
Sent: Tuesday, 21 March, 2017 15:53
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Repeat offenders during phishing campaign

 

Thanks Ben,

 

I have 17 repeat offenders so far (pretty low since we are phishing all our
staff). We are using SANS STH Phishing that does train the clickers on what
they should have looked for in the message. The repeat offenders have
technically had that training at least twice and some may have had my more
in-depth awareness training if I've hit their school/department in the last
year.

 

Rob

 

From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Ben Woelk
Sent: Tuesday, March 21, 2017 1:42 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Repeat offenders during phishing campaign

 

Rob,

Define "small number!" That's going to impact what you can do.

Are the offenders automatically forwarded to learning content about phishing
or otherwise notified they've taken the bait?

 

Ben Woelk '07 CISSP

ISO Program Manager

Information Security Office

Rochester Institute of Technology

ROS 10-A204

151 Lomb Memorial Drive

Rochester, New York 14623 

585.475.4122

585.475.7920 fax

ben.woelk () rit edu

http://www.rit.edu/security/

 


From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Rob Milman
Sent: Tuesday, March 21, 2017 12:30 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Repeat offenders during phishing campaign

 

Hi everyone,

 

We have been running a phishing campaign since last fall. There have been a
small number of repeat offenders, which our vendor has identified as
high-risk individuals. Have any of you dealt with this situation and
developed a process that you'd like to share?

 

Thanks,

 

Rob

 




Rob Milman

Security & Compliance Analyst

Information Systems

 

Southern Alberta Institute of Technology

EH Crandell Building, GA 214

1301 - 16 Avenue NW, Calgary AB, T2M 0L4

 

(Office) 403.774.5401  (Cell) 403.606.3173

rob.milman () sait ca

 

 
