Re: Evaluation of Phishing Attempts for Community Notice

["Matthew Nappi [Information Security]" <matthew.nappi () STONYBROOK EDU>]

Hi Robert:

We target actual recipients when we receive a report of a phishing email
that made into our mailboxes warning them that they were recipients of the
particular attack and encouraging them to let us know to they fell victim.
In terms of general campus-wide alerts, we do so based on observed trends.
For example, we sent an alert regarding Business Email Compromises on the
heels of several reported attempts and we sent a COVID specific alert when
we heard of reports in the wild, but before we actually received any
incoming reports because we were trying to get ahead of it. In any case,
it’s always hard to strike a balance between raising awareness and alert
fatigue, so we prefer targeted whenever possible.

On Thu, Jul 16, 2020 at 12:03 PM Barton, Robert W. <bartonrt () lewisu edu>
wrote:

> When considering sending out general alerts for phishing emails, what
> criteria do you use (if you do...)?  Number of users receiving the email?
> Sophistication of email attack?  ‘Whale’ vs small fish targets?  Do
> staff/fac have a higher priority than students?  The reason I ask is we
> started with a straight numbers vs target comparison and now think we
> should have a more nuanced evaluation of when we send something out.  We
> don't want to flood inboxes with warnings (as the quantity of attacks has
> ticket upward), but want to send them out when necessary as they are also
> good reminders to be vigilant.  What do you do?
>
> Robert W. Barton
>
> <https://www.google.com/maps/search/University+Parkway+%0D%0A+%0D%0A+Romeoville,+IL+60446?entry=gmail&source=g>
>
> <https://www.google.com/maps/search/University+Parkway+%0D%0A+%0D%0A+Romeoville,+IL+60446?entry=gmail&source=g>Executive
> Director of Information Security & Policy
> Lewis University
> One University Parkway
> <https://www.google.com/maps/search/University+Parkway+%0D%0A+%0D%0A+Romeoville,+IL+60446?entry=gmail&source=g>
> Romeoville, IL
> <https://www.google.com/maps/search/University+Parkway+%0D%0A+%0D%0A+Romeoville,+IL+60446?entry=gmail&source=g>
> 60446
> <https://www.google.com/maps/search/University+Parkway+%0D%0A+%0D%0A+Romeoville,+IL+60446?entry=gmail&source=g>
> -2200
> 815-836-5663
>
> **********
> Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email reply.
> Additional participation and subscription information can be found at
> https://www.educause.edu/community
-- 
Matt Nappi, CISSP | CISM | GIAC
Chief Information Security Officer
Assistant Vice President
Stony Brook University
631-632-4856 (24856) | 100 Nicolls Road, 11794
This e-mail message, including any attachments, is for the sole use of the
intended recipient(s) and may contain confidential and privileged
information. Any unauthorized review, use, disclosure or distribution is
prohibited. If you are not the intended recipient, please contact the
sender by e-mail and destroy all copies of the original.

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community