Educause Security Discussion mailing list archives
Re: Phishing Paranoia
From: Jason Edelstein <jasone () UCHICAGO EDU>
Date: Fri, 4 Dec 2020 09:54:38 -0600
We've gotten this, too - even to the point of people using our Proofpoint "report a phish" button to report their own junkmail summaries or official content from bulkmailing services used. My personal favorite are the reports of our president's periodic but entirely plaintext emails.
What we do is twofold:1. We absorb the reports and do not tell people, "Don't report this!" Instead, we try to take some time and say, "Thanks for this report, but this one is legit. Why did you report it?" and then have an additional learning moment. This reduces the ratio of overzealous folks.
2. Routinely tell distributed IT and divisional folks to proactively educate their users on what is legit, forming a second layer of shielding. If a department's admin team or power users are aware of the official channels, it can help spread awareness outside the routine training campaign.
We still have one department chair who forwards emails to us (he won't use the reporting button, it is a source of awe to me) and almost all of them are legitimate. We eventually wrote an automatic reply template to echo #1 as an email so it's click, paste, next ticket.
-je- On 12/4/20 9:09 AM, Dana Kilcrease wrote:
We run regular security awareness training focused largely on simulated phishing campaigns. Overall, the response has been great, and awareness has gone up over the years. However, we have a growing number of users who continue to over report "suspicious" emails, to the point that any corporate communications are typically followed by dozens of phone calls to our Helpdesk reporting these communications as suspicious, even if they do not contain any of the red flags we teach through our training. Has anyone faced this with their training campaigns? Any insight as to how to strike the best balance to ensure users are reading emails critically, rather than blindly reporting anything that is remotely outside of their day-to-day? Dana Kilcrease Director, Information Security Berkeley College ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
Current thread:
- Phishing Paranoia Dana Kilcrease (Dec 04)
- Re: Phishing Paranoia Jason Edelstein (Dec 04)
- Re: Phishing Paranoia Dave Broucek (Dec 04)
- <Possible follow-ups>
- Re: Phishing Paranoia Dana Kilcrease (Dec 04)
- Re: Phishing Paranoia Glenn Forbes Fleming Larratt (Dec 04)
- Re: Phishing Paranoia Jason Edelstein (Dec 04)