Educause Security Discussion mailing list archives

Re: Success Outcomes of Using External Sender Email Disclaimers


From: Patrick McElhinney <patrick.mcelhinney () NEWCASTLE EDU AU>
Date: Tue, 28 Jan 2020 01:58:52 +0000

Hi Jon,

Keen to know if you have any longer term statistics on the ongoing effectiveness of this control.  Was the 41% 
reduction sustained, or did its usefulness diminish over time?

Regards,  Patrick

PATRICK McELHINNEY | Senior Security Specialist
IT Services - Resources Division

Tel:         +61 2 498 54156
Mobile:   +61 437 680 105
Email:    patrick.mcelhinney () newcastle edu au

The University of Newcastle (UON)
University Drive, Callaghan NSW 2308 Australia


Ranked in the top 1% of universities in the world by
QS World University Rankings 2017/18

CRICOS Provider 00109J



From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Coller, Jon
Sent: Tuesday, 28 January 2020 6:47 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [EXTERNAL] - Re: [SECURITY] Success Outcomes of Using External Sender Email Disclaimers

This message originated outside your organisation.
________________________________
Hi Mark,

We have been running internal phishing simulations for several years, so we have some baseline data on susceptibility 
to different types of bait emails. This, combined with a gradual roll-out, let us do some A/B testing to determine if 
the warnings were effective. We've had a 41% reduction in click-rate for targeted phishing after implementing the 
warnings. Oddly enough the reduction was quite consistent across multiple types / qualities of bait, even though they 
have dramatically different raw click rates.


Jon Coller
Chief Information Security Officer

University of Saskatchewan
Information & Communication Technology
Ph: 306-966-4858




From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Mark Janowiak
Sent: Friday, January 24, 2020 1:57 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Success Outcomes of Using External Sender Email Disclaimers

CAUTION: This email originated from outside of the University of Saskatchewan. Do not click links or open attachments 
unless you recognize the sender and know the content is safe. If in doubt, please forward suspicious emails to
phishing () usask ca

It seems the addition of external sender disclaimers on emails from outside an organization is commonplace now.  I 
wonder if anyone has performed any credible studies to determine if this type of disclaimer actually influences 
behavior in the way we all hope - reducing the number of people who fall victim to phishing or spoofing? If so, how 
effective are they over a longer period of time? Have you seen them become less effective as people become accustomed 
to seeing them on every external message?

Mark Janowiak
Hillsdale College



**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community
