Educause Security Discussion mailing list archives
Re: Response to phishing e-mails
From: Nick Semenkovich <nick () SEMENKOVICH COM>
Date: Tue, 28 Oct 2014 16:32:21 -0500
Ouch -- there's nothing to gain by blaming your users. Why would students care about a school e-mail they may rarely use, perhaps didn't want, and will likely disappear in a few years? Because it impacts some external spam score metric that's of little importance to them? I'm always reminded of this Microsoft Research paper when it comes to user phishing education: http://research.microsoft.com/pubs/80436/SoLongAndNoThanks.pdf User-education is a time sink that never ends. Implement good two-factor and phishing is a ~non-issue. - Nick On Tue, Oct 28, 2014 at 4:05 PM, Robert Meyers <REMeyers () mail wvu edu> wrote:
Some people refuse to change. They are too invested in bad decision making to even consider any other possibility. Bob Meyers remeyers () mail wvu edu *From:* The EDUCAUSE Security Constituent Group Listserv [mailto: SECURITY () LISTSERV EDUCAUSE EDU] *On Behalf Of *Thomas Carter *Sent:* Tuesday, October 28, 2014 4:12 PM *To:* SECURITY () LISTSERV EDUCAUSE EDU *Subject:* Re: [SECURITY] Response to phishing e-mails How has the response to this been? Our problem is those most likely to respond to a phishing attempt will do it before we can do anything about it. They’re also not likely to check against a list of phishing attempts. 99% of our problem is students; we require a one-on-one sit down security talk with students if we’ve found that they have responded. Yet we’ve even had repeat offenders. I (only half jokingly) suggest that the 3rd offence should involve removing all computer privileges and handing them a yellow legal pad and a pen as that is all they can be trusted with. Thomas Carter Network and Operations Manager Austin College 903-813-2564 [image: AusColl_Logo_Email]
-- Nick Semenkovich Laboratory of Dr. Jeffrey I. Gordon Medical Scientist Training Program School of Medicine Washington University in St. Louis https://nick.semenkovich.com/
Current thread:
- Response to phishing e-mails Leland Lyerla (Oct 27)
- Re: Response to phishing e-mails Bob Bayn (Oct 27)
- Re: Response to phishing e-mails Brad Judy (Oct 27)
- Re: Response to phishing e-mails Bob Bayn (Oct 27)
- Re: Response to phishing e-mails Brad Judy (Oct 27)
- Re: Response to phishing e-mails Roger A Safian (Oct 27)
- Re: Response to phishing e-mails Manjak, Martin (Oct 27)
- Re: Response to phishing e-mails Joel Anderson (Oct 27)
- Re: Response to phishing e-mails Garmon, Joel (Oct 27)
- Re: Response to phishing e-mails Thomas Carter (Oct 28)
- Re: Response to phishing e-mails Robert Meyers (Oct 28)
- Re: Response to phishing e-mails Nick Semenkovich (Oct 28)
- Re: Response to phishing e-mails Brandon Hume (Oct 28)
- Re: Response to phishing e-mails Thomas Carter (Oct 29)
- Re: Response to phishing e-mails Nick Semenkovich (Oct 29)
- Re: Response to phishing e-mails Brandon Hume (Oct 29)
- Re: Response to phishing e-mails Joel Anderson (Oct 27)
- Re: Response to phishing e-mails Robert Meyers (Oct 29)
- Re: Response to phishing e-mails Bob Bayn (Oct 27)
- Re: Response to phishing e-mails Paul Chauvet (Oct 29)
- Re: Response to phishing e-mails Nick Semenkovich (Oct 29)
- Re: Response to phishing e-mails Brandon Hume (Oct 29)
- Re: Response to phishing e-mails Jones, Mark B (Oct 29)
- Re: Response to phishing e-mails Kalal, Robert (Bob) (Oct 29)