Educause Security Discussion mailing list archives

Re: Internal Phishing Simulation Advice


From: Eric Weakland <eric () AMERICAN EDU>
Date: Mon, 17 Dec 2018 16:44:06 +0000

Sandy Silk and I did a webinar – that was a lot of fun! – on this exact topic in 2017.

https://library.educause.edu/resources/2017/4/heisc-webinar-chapter-1-getting-your-campus-ready-for-a-phishing-awareness-campaign



Eric Weakland, CISSP, CISM, CRISC
Director, Information Security
Office of Information Technology
American University
eric at american.edu
202.885.2241

_____________________________________________
Emails from IT asking you to log in with a link are scams!


From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of Valerie Vogel 
<vvogel () EDUCAUSE EDU>
Reply-To: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU>
Date: Monday, December 17, 2018 at 11:42 AM
To: "SECURITY () LISTSERV EDUCAUSE EDU" <SECURITY () LISTSERV EDUCAUSE EDU>
Subject: Re: [SECURITY] Internal Phishing Simulation Advice

Thanks for sharing your blog, Brad!

The Higher Education Information Security Council’s Awareness & Training group also published this resource on Phishing 
Simulation Programs around the same time: 
https://library.educause.edu/resources/2016/4/phishing-simulation-programs

Kind regards,
Valerie

Valerie Vogel
Interim Director, Cybersecurity Program

EDUCAUSE
Uncommon Thinking for the Common Good
direct: 202.331.5374 | Follow HEISC on LinkedIn | twitter: @HEISCouncil | vvogel () educause edu

From: Security Discussion Group List <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of Brad Judy <brad.judy () CU EDU>
Reply-To: Security Discussion Group List <SECURITY () LISTSERV EDUCAUSE EDU>
Date: Monday, December 17, 2018 at 8:37 AM
To: Security Discussion Group List <SECURITY () LISTSERV EDUCAUSE EDU>
Subject: Re: [SECURITY] Internal Phishing Simulation Advice

A couple of years ago I wrote up this for the Educause blog about successfully performing phishing simulations (based 
on the approach used while I was with Emory):

https://er.educause.edu/blogs/2016/4/phishing-your-users

I have continued to use these guidelines as we have run a similar program here at CU.

Brad Judy

Information Security Officer
Office of Information Security
University of Colorado
1800 Grant Street, Suite 300
Denver, CO  80203
Office: (303) 860-4293
Fax: (303) 860-4302
www.cu.edu


From: EDUCAUSE Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of "Valentijn, Ashley" <axv749 () MIAMI EDU>
Reply-To: EDUCAUSE Listserv <SECURITY () LISTSERV EDUCAUSE EDU>
Date: Monday, December 17, 2018 at 9:07 AM
To: EDUCAUSE Listserv <SECURITY () LISTSERV EDUCAUSE EDU>
Subject: [SECURITY] Internal Phishing Simulation Advice


Good morning,



We want to launch an internal phishing simulation in order to better train our employees on recognizing phishing 
emails. Target participants are university faculty and staff.



Any advice, suggestions, and/or recommendations on how to successfully implement such a simulation would be much 
appreciated. We are looking at possibly using GoPhish or Microsoft's new Phishing Attack Simulator.



Thank you in advance! Feel free to send me a direct email or I am also open to the possibility of a quick phone call.



Warm Regards,
Ashley Valentijn
Security Engineer
Information Security Office
University of Miami
P: 305-284-4582 | E: axv749 () miami edu

