Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Phishing Paranoia

From: Jason Edelstein <jasone () UCHICAGO EDU>
Date: Fri, 4 Dec 2020 09:54:38 -0600
We've gotten this, too - even to the point of people using our Proofpoint "report a phish" button to report their own junkmail summaries or official content from bulkmailing services used. My personal favorite are the reports of our president's periodic but entirely plaintext emails. 

What we do is twofold:
1. We absorb the reports and do not tell people, "Don't report this!" Instead, we try to take some time and say, "Thanks for this report, but this one is legit. Why did you report it?" and then have an additional learning moment. This reduces the ratio of overzealous folks.
2. Routinely tell distributed IT and divisional folks to proactively educate their users on what is legit, forming a second layer of shielding. If a department's admin team or power users are aware of the official channels, it can help spread awareness outside the routine training campaign.
We still have one department chair who forwards emails to us (he won't use the reporting button, it is a source of awe to me) and almost all of them are legitimate. We eventually wrote an automatic reply template to echo #1 as an email so it's click, paste, next ticket. 

-je-

On 12/4/20 9:09 AM, Dana Kilcrease wrote:

We run regular security awareness training focused largely on simulated phishing campaigns.  Overall, the response has been 
great, and awareness has gone up over the years.  However, we have a growing number of users who continue to over report 
"suspicious" emails, to the point that any corporate communications are typically followed by dozens of phone calls to 
our Helpdesk reporting these communications as suspicious, even if they do not contain any of the red flags we teach through our 
training.

Has anyone faced this with their training campaigns?  Any insight as to how to strike the best balance to ensure users 
are reading emails critically, rather than blindly reporting anything that is remotely outside of their day-to-day?

Dana Kilcrease
Director, Information Security
Berkeley College

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community




**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community
Previous By Date Next
Previous By Thread Next

Current thread: