Educause Security Discussion mailing list archives
Re: Success Outcomes of Using External Sender Email Disclaimers
From: "Coller, Jon" <jonathan.coller () USASK CA>
Date: Mon, 27 Jan 2020 19:47:00 +0000
Hi Mark, We have been running internal phishing simulations for several years, so we have some baseline data on susceptibility to different types of bait emails. This, combined with a gradual roll-out, let us do some A/B testing to determine if the warning were effective. We've had a 41% reduction in click-rate for targeted phishing after implementing the warnings. Oddly enough the reduction was quite consistent across multiple types / qualities of bait, even though they have dramatically different raw click rates. Jon Coller Chief Information Security Officer University of Saskatchewan Information & Communication Technology Ph: 306-966-4858 [cid:image001.jpg@01D5836A.EE0D51C0] From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Mark Janowiak Sent: Friday, January 24, 2020 1:57 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Success Outcomes of Using External Sender Email Disclaimers CAUTION: This email originated from outside of the University of Saskatchewan. Do not click links or open attachments unless you recognize the sender and know the content is safe. If in doubt, please forward suspicious emails to phishing () usask ca<mailto:phishing () usask ca> It seems the addition of external sender disclaimers on emails from outside an organization seems commonplace now. I wonder if anyone has performed any credible studies to determine if this type of disclaimer actually influences behavior in the way we all hope - reducing the number of people who fall victim to phishing or spoofing? If so, how effective are they over a longer period of time? Have you seen them become less effective as people become accustomed to seeing them on every external message? Mark Janowiak Hillsdale College ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
Current thread:
- Success Outcomes of Using External Sender Email Disclaimers Mark Janowiak (Jan 24)
- Re: Success Outcomes of Using External Sender Email Disclaimers Coller, Jon (Jan 27)
- Re: Success Outcomes of Using External Sender Email Disclaimers Patrick McElhinney (Jan 27)
- Re: Success Outcomes of Using External Sender Email Disclaimers Coller, Jon (Jan 28)
- Re: Success Outcomes of Using External Sender Email Disclaimers Patrick McElhinney (Jan 27)
- Re: Success Outcomes of Using External Sender Email Disclaimers Coller, Jon (Jan 27)