Educause Security Discussion mailing list archives
Re: Self-Phishing - Pre Launch Messages
From: Valerie Vogel <vvogel () EDUCAUSE EDU>
Date: Tue, 15 Nov 2016 19:36:13 +0000
Greetings, Here are two relevant resources developed by the community about phishing simulation programs and campaigns: A blog post by Brad Judy about “Phishing Your Users”: https://er.educause.edu/blogs/2016/4/phishing-your-users This document briefly explains the benefits and potential risks of deploying a phishing simulation program, and also includes a list of popular phishing simulation programs or tools to consider. https://library.educause.edu/resources/2016/4/phishing-simulation-programs Thank you, Valerie Valerie Vogel Program Manager, Cybersecurity EDUCAUSE Uncommon Thinking for the Common Good direct: 202.331.5374 | main: 202.872.4200 | twitter: @HEISCouncil | educause.edu<http://www.educause.edu/> From: Security Discussion Group List <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>> on behalf of Eric Weakland <eric () american edu<mailto:eric () american edu>> Reply-To: Security Discussion Group List <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>> Date: Tuesday, November 15, 2016 at 11:27 AM To: Security Discussion Group List <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>> Subject: Re: [SECURITY] Self-Phishing - Pre Launch Messages James, We started out telling people exactly – down to the Date and exact time when we would start the campaign. Then just the day. Then “latter half of the week.” Then “this week.” Then “this month.” Now we’re down to notifying that it would happen throughout the semester. Notifying in Fall and after Winter break. I think “boiling the frog” is a good strategy here. We haven’t had many complaints, but a word of advice – be careful using some of the phishing templates that vendors have that use a scare tactic saying “A hacker stole your password” – this prompted some faculty anger when they fell for it and reset all their passwords and had to deal with the pain of that. Hope this helps, Eric Weakland, CISSP, CISM, CRISC Director, Information Security Office of Information Technology American University eric at american.edu 202.885.2241 _____________________________________________ Emails from IT asking you to log in with a link are scams! From: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>> on behalf of James Farr <jfarr () UTICA EDU<mailto:jfarr () UTICA EDU>> Reply-To: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>> Date: Tuesday, November 15, 2016 at 11:19 AM To: "SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>" <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>> Subject: [SECURITY] Self-Phishing - Pre Launch Messages We are exploring self-phishing options with our faculty staff andpossible students. Wewant to provide notification to the users about the program before we send any actual phishing messages. We are thinking that notifications should be mentioned at orientation with an annual email reminder. How often do you notify your users about the self-phishing program? Can anyone share examples of campus notifications sent out prior to implementing this type of program? James Farr ’05 G’12 Director of Information Security Utica College jfarr () utica edu<mailto:jfarr () utica edu> 315-223-2386
Current thread:
- Self-Phishing - Pre Launch Messages James Farr (Nov 15)
- Re: Self-Phishing - Pre Launch Messages David D Grisham (Nov 15)
- Re: Self-Phishing - Pre Launch Messages Jimenez, Julio (Nov 15)
- Re: Self-Phishing - Pre Launch Messages Shettler, David (Nov 15)
- Re: Self-Phishing - Pre Launch Messages Rob Milman (Nov 15)
- Re: Self-Phishing - Pre Launch Messages Eric Weakland (Nov 15)
- Re: Self-Phishing - Pre Launch Messages Valerie Vogel (Nov 15)
- Re: Self-Phishing - Pre Launch Messages Sweeney, Sean (Nov 15)
- Re: Self-Phishing - Pre Launch Messages Eric Weakland (Nov 15)
- Re: Self-Phishing - Pre Launch Messages Tamara Bahr (Nov 15)
- Re: Self-Phishing - Pre Launch Messages Valerie Vogel (Nov 15)
- Re: Self-Phishing - Pre Launch Messages James Farr (Nov 15)
- Re: Self-Phishing - Pre Launch Messages David D Grisham (Nov 15)