Educause Security Discussion mailing list archives
Re: Repeat offenders during phishing campaign
From: Frank Barton <bartonf () HUSSON EDU>
Date: Tue, 21 Mar 2017 16:34:43 -0400
James, (et.al.) When a user falls for a [simulated] phish, do you consider their account to be compromised? our procedure for a compromised account is to immediately lock it down until we have gone through our set of cleaning checks. This can take some time, and, if an account is compromised outside of normal hours, we typically lock it out, and then clean the next day. If this matches your process (at least generally) do you find that the time during which they are locked out is a deterrent? Frank On Tue, Mar 21, 2017 at 4:20 PM, James Valente <jvalente () salemstate edu> wrote:
I’ve inquired about forcing users to attend education training but we’re not allowed to mandate any training like this, especially for faculty. However, we are allowed to request they attend training. I sent out a bunch of emails to repeat offenders last week with training material, and a little note hoping the guilt of the workload created by them falling for a phish (because they only see the inconvenience of having a password reset, not cleaning up a mess at 11:30pm on a Saturday night) encourages them to check the material and be more cautious in the future. --James *From:* The EDUCAUSE Security Constituent Group Listserv [mailto: SECURITY () LISTSERV EDUCAUSE EDU] *On Behalf Of *Rob Milman *Sent:* Tuesday, 21 March, 2017 15:53 *To:* SECURITY () LISTSERV EDUCAUSE EDU *Subject:* Re: [SECURITY] Repeat offenders during phishing campaign Thanks Ben, I have 17 repeat offenders so far(pretty low since we are phishing all our staff). We are using SANS STH Phishing that does train the clickers on what they should have looked for in the message. The repeat offenders have technically had that training at least twice and some may have had my more in depth awareness training if I’ve hit their school/department in the last year. Rob *From:* The EDUCAUSE Security Constituent Group Listserv [ mailto:SECURITY () LISTSERV EDUCAUSE EDU <SECURITY () LISTSERV EDUCAUSE EDU>] *On Behalf Of *Ben Woelk *Sent:* Tuesday, March 21, 2017 1:42 PM *To:* SECURITY () LISTSERV EDUCAUSE EDU *Subject:* Re: [SECURITY] Repeat offenders during phishing campaign Rob, Define “small number!” That’s going to impact what you can do. Are the offenders automatically forwarded to learning content about phishing or otherwise notified they’ve taken the bait? Ben Woelk '07 CISSP ISO Program Manager Information Security Office Rochester Institute of Technology ROS 10-A204 151 Lomb Memorial Drive Rochester, New York 14623 585.475.4122 <(585)%20475-4122> 585.475.7920 <(585)%20475-7920> fax ben.woelk () rit edu http://www.rit.edu/security/ *Become a fan of RIT Information Security at * *http://rit.facebook.com/RITInfosec* <http://rit.facebook.com/profile.php?id=6017464645> *Follow us on Twitter: http://twitter.com/RIT_InfoSec <http://twitter.com/RIT_InfoSec>* *CONFIDENTIALITY NOTE*: The information transmitted, including attachments, is intended only for the person(s) or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and destroy any copies of this information. *From:* The EDUCAUSE Security Constituent Group Listserv [ mailto:SECURITY () LISTSERV EDUCAUSE EDU <SECURITY () LISTSERV EDUCAUSE EDU>] *On Behalf Of *Rob Milman *Sent:* Tuesday, March 21, 2017 12:30 PM *To:* SECURITY () LISTSERV EDUCAUSE EDU *Subject:* [SECURITY] Repeat offenders during phishing campaign Hi everyone, We have been running a phishing campaign since last fall. There have been a small number of repeat offenders, which our vendor has identified as high-risk individuals. Have any of you dealt with this situation and developed a process that you’d like to share? Thanks, Rob [image: cid:image004.png@01D18F19.9217E950] *Rob Milman* Security & Compliance Analyst Information Systems Southern Alberta Institute of Technology EH Crandell Building, GA 214 1301 – 16 Avenue NW, Calgary AB, T2M 0L4 (Office) 403.774.5401 <(403)%20774-5401> (Cell) 403.606.3173 <(403)%20606-3173> *rob.milman () sait ca <rob.milman () sait ca>*
-- Frank Barton ACMT IT Systems Administrator Husson University
Current thread:
- Repeat offenders during phishing campaign Rob Milman (Mar 21)
- Re: Repeat offenders during phishing campaign Barton, Robert W. (Mar 21)
- Re: Repeat offenders during phishing campaign Greg Williams (Mar 21)
- Re: Repeat offenders during phishing campaign McCrary, Barbara (Mar 21)
- Re: Repeat offenders during phishing campaign Ben Woelk (Mar 21)
- Re: Repeat offenders during phishing campaign Rob Milman (Mar 21)
- Re: Repeat offenders during phishing campaign James Valente (Mar 21)
- Re: Repeat offenders during phishing campaign Frank Barton (Mar 21)
- Re: Repeat offenders during phishing campaign James Valente (Mar 21)
- Re: Repeat offenders during phishing campaign Urrea, Nick (Mar 21)
- Re: Repeat offenders during phishing campaign Steven Alexander (Mar 21)
- Re: Repeat offenders during phishing campaign Brad Judy (Mar 21)
- Re: Repeat offenders during phishing campaign Vest, Shawn E (Mar 26)
- Re: Repeat offenders during phishing campaign Rob Milman (Mar 21)