Re: Dear RIPE: Please don't encourage phishing

[JC Dill <jcdill.lists () gmail com>]

On 10/02/12 10:00 AM, Jay Ashworth wrote:
> Even lots of*technical*  people just don't understand what "a security-
> related URL"*is*, and there's almost always no way to teach them.

Freakonomics recently aired a story about the problem of getting Doctors 
to follow hand hygiene rules and wash their hands as frequently as they 
are supposed to (upon entering and leaving each patient's room) to avoid 
spreading disease.  One of the biggest problems with changing behavior 
with doctors (and with technical people) is that the smarter people are, 
the more they chafe at being told they aren't doing things the correct way.

The most effective step they took to counter-act the hand-washing 
problems was using a screen-saver on all the public terminals, showing 
the consequences of not-washing - an image of a petri dish showing the 
bacteria results from a hand-print of a doctor's hand.

http://www.freakonomics.com/2012/01/24/how-to-get-doctors-to-wash-their-hands-visual-edition/


If you wanted to have a similar effect at $workplace, try a similar 
visual (e.g. a mockup of 2 screenshots, first clicking on a link in 
email then typing in a password on a webpage with a phishing URL (with a 
typo)) as the screen saver on all company computers; as the first slide 
in all in-house ppt presentations; on the wall at all card-lock entry 
doors, etc.

jc