Evaluation of Phishing Attempts for Community Notice

["Barton, Robert W." <bartonrt () LEWISU EDU>]

When considering sending out general alerts for phishing emails, what criteria do you use (if you do...)?  Number of 
users receiving the email?  Sophistication of email attack?  ‘Whale’ vs small fish targets?  Do staff/fac have a higher 
priority than students?  The reason I ask is we started with a straight numbers vs target comparison and now think we 
should have a more nuanced evaluation of when we send something out.  We don't want to flood inboxes with warnings (as 
the quantity of attacks has ticket upward), but want to send them out when necessary as they are also good reminders to 
be vigilant.  What do you do?

Robert W. Barton
Executive Director of Information Security & Policy
Lewis University
One University Parkway
Romeoville, IL  60446-2200
815-836-5663

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community