Educause Security Discussion mailing list archives
Phishing awareness upon account reset
From: "Ullman, Catherine" <cende () BUFFALO EDU>
Date: Fri, 5 Apr 2013 10:23:12 -0400
Good morning! We are interested in finding out if there are any institutions out there that require some sort of basic awareness training as part of the process of account recovery and if so, what exactly you require your users to do. In other words, when we discover that an account is compromised, we have the account reset to its claim state and the person is required to show ID in order to reclaim the account. However, because we suspect that many of the compromised accounts become compromised because the user has clicked on a phishing link, we'd like them to ALSO have to perhaps take a short training exercise about phishing and answer a handful of questions before they can reclaim their account. Do any of your institutions require anything like this process? If so, would you please contact me either on or off list and let me know more about your process? Thanks! Best, Cathy Dr. Catherine J Ullman Information Security Analyst Information Security Office University at Buffalo <mailto:cende () buffalo edu> cende () buffalo edu
Attachment:
smime.p7s
Description:
Current thread:
- Phishing awareness upon account reset Ullman, Catherine (Apr 05)
- Re: Phishing awareness upon account reset Santabarbara, Angelo (Apr 05)
- Re: Phishing awareness upon account reset Ullman, Catherine (Apr 05)
- Re: Phishing awareness upon account reset Santabarbara, Angelo (Apr 05)
- Re: Phishing awareness upon account reset Ullman, Catherine (Apr 05)
- Re: Phishing awareness upon account reset Santabarbara, Angelo (Apr 05)