Educause Security Discussion mailing list archives
Re: Phishing Paranoia
From: Dave Broucek <dbroucek () HARPERCOLLEGE EDU>
Date: Fri, 4 Dec 2020 18:09:43 +0000
We are very similar in wanting people to report the phishing emails and provide feedback on the legitimacy or lack of legitimacy of the phishing email reported. It also is a conversation on what made them think it was legit and how to further detect emails that appear to be phishing and are not. The conversations help to really give context on how to detect suspicious emails more effectively, and what to focus in on to help with detection. We also add to the conversation, and generally encourage, employees to use the Report as Phishing button that is integrated into our email.

Regards,
Dave Broucek

From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Jason Edelstein
Sent: Friday, December 4, 2020 9:55 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Phishing Paranoia

We've gotten this, too - even to the point of people using our Proofpoint "report a phish" button to report their own junkmail summaries or official content from bulkmailing services used. My personal favorite are the reports of our president's periodic but entirely plaintext emails.

What we do is twofold:

1. We absorb the reports and do not tell people, "Don't report this!" Instead, we try to take some time and say, "Thanks for this report, but this one is legit. Why did you report it?" and then have an additional learning moment. This reduces the ratio of overzealous folks.

2. Routinely tell distributed IT and divisional folks to proactively educate their users on what is legit, forming a second layer of shielding. If a department's admin team or power users are aware of the official channels, it can help spread awareness outside the routine training campaign.

We still have one department chair who forwards emails to us (he won't use the reporting button, it is a source of awe to me) and almost all of them are legitimate.

We eventually wrote an automatic reply template to echo #1 as an email so it's click, paste, next ticket.

-je-

On 12/4/20 9:09 AM, Dana Kilcrease wrote:

We run regular security awareness training focused largely on simulated phishing campaigns. Overall, the response has been great, and awareness has gone up over the years. However, we have a growing number of users who continue to over report "suspicious" emails, to the point that any corporate communications are typically followed by dozens of phone calls to our Helpdesk reporting these communications as suspicious, even if they do not contain any of the red flags we teach through our training.

Has anyone faced this with their training campaigns? Any insight as to how to strike the best balance to ensure users are reading emails critically, rather than blindly reporting anything that is remotely outside of their day-to-day?

Dana Kilcrease
Director, Information Security
Berkeley College

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
Current thread:
- Phishing Paranoia Dana Kilcrease (Dec 04)
- Re: Phishing Paranoia Jason Edelstein (Dec 04)
- Re: Phishing Paranoia Dave Broucek (Dec 04)
- <Possible follow-ups>
- Re: Phishing Paranoia Dana Kilcrease (Dec 04)
- Re: Phishing Paranoia Glenn Forbes Fleming Larratt (Dec 04)
- Re: Phishing Paranoia Jason Edelstein (Dec 04)