Educause Security Discussion mailing list archives
Re: Phishing Links
From: James Farr '05 <jfarr () UTICA EDU>
Date: Wed, 7 Jul 2010 14:39:55 -0400
Brian,

Thanks for the encouragement. I have been tracking successful and unsuccessful phishing attempts for 2 years now. Things have gotten better. We now go several months between incidents.

Justin,

Thanks for the reminder. If I am trying to set a standard at my school that BIG BANK CORP and BIG BOX STORE do not follow, the meaning behind my message may have no meaning.

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Basgen, Brian
Sent: Wednesday, July 07, 2010 2:24 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Phishing Links

Don't be discouraged! Awareness is very challenging, but it can be effective as an ongoing effort without any silver bullets.

The University of Wisconsin recently created some very clever ads that we think do a good job of directly addressing phishing. We are pretty excited about them, and plan on distributing a version of them in the coming weeks:

http://www.cio.wisc.edu/security/awareness/09campaign.aspx

Every little effort helps! :)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Brian Basgen
Information Security Office
Pima Community College
Office: 520-206-4873
~~~~~~~~~~~~~~~~~~~~~~~~~~~~

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Pete Hickey
Sent: Wednesday, July 07, 2010 11:18 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Phishing Links

I gave up. You can't fight it.

The worst here was a time we... because of a possible 'incident'... we wanted everyone to change a password (legacy... we can't force change passwords on that system). The PR people actually wanted to send out an email saying due to xxxxx we are requiring everyone to change passwords. Click here to change yours.

Yeah! When the 'make it easy for the user at all costs' mindset is around, it's a tough fight. (I did win that one by putting their message alongside a phishing one). More abstract than that just would not work.

On Wed, Jul 07, 2010 at 02:05:41PM -0400, James Farr '05 wrote:

It is hard to educate some users on the difference between legitimate and phony web links in email, and it is easy enough to fake a website. For that reason I would like to propose that no official college communication is sent with an active link in it.

Problems,

Some clients while trying to be helpful make links clickable that I do not want clickable.

Links can be inserted as a picture, but not all clients show pictures by default.

We can give directions to a website, in order to check your mail go to our homepage, click on login and select webmail, but some users cannot/will not follow those instructions.

Would this solution cause more harm than good? What are your thoughts/rules?

IITS will never ask you for your password. Never email your password to anyone.

James Farr
Information Security Officer
Instructional Technologist
Utica College
jfarr () utica edu
315-223-2386

--
Pete Hickey
The University of Ottawa        "Everyone knows someone
Ottawa, Ontario                  who knows someone else"
Canada