Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: phishing irony

From: Matthew Gracie <graciem () CANISIUS EDU>
Date: Thu, 12 Feb 2009 14:29:02 -0500
Pete Hickey wrote:

On Thu, Feb 12, 2009 at 08:45:09AM -0700, Ozzie Paez wrote:

One of the more useful and interesting approaches to awareness and training
that I have seen involved a company that would come into the organization
and create a fake web site that looked similar to the real one.  They would
then send out phishing messages to the 'target' population and track the
response.


We talked about doing something like this, but thought that people would
be upset at receiving something like that from us.



Agreed. I made up a phishing site by cloning bug chunks of our webmail
login page -- the boss pointed out before I emailed the populace that
fostering distrust of emails from the IT group might be a foolhardy move
on my part. So it got scrapped.

--
Matt Gracie                         (716) 888-8378
Information Security Administrator  graciem () canisius edu
Canisius College ITS                Buffalo, NY
http://www2.canisius.edu/~graciem/graciem_public_key.gpg
Previous By Date Next
Previous By Thread Next

Current thread: