Educause Security Discussion mailing list archives
Phishing Paranoia
From: Dana Kilcrease <danak () DANAK DEV>
Date: Fri, 4 Dec 2020 15:09:36 +0000
We run regular security awareness training focused largely on simulated phishing campaigns. Overall, the response has been great, and awareness has gone up over the years. However, we have a growing number of users who continue to over report "suspicious" emails, to the point that any corporate communications are typically followed by dozens of phone calls to our Helpdesk reporting these communications as suspicious, even if they do not contain any of the red flags we teach through our training. Has anyone faced this with their training campaigns? Any insight as to how to strike the best balance to ensure users are reading emails critically, rather than blindly reporting anything that is remotely outside of their day-to-day? Dana Kilcrease Director, Information Security Berkeley College ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
Current thread:
- Phishing Paranoia Dana Kilcrease (Dec 04)
- Re: Phishing Paranoia Jason Edelstein (Dec 04)
- Re: Phishing Paranoia Dave Broucek (Dec 04)
- <Possible follow-ups>
- Re: Phishing Paranoia Dana Kilcrease (Dec 04)
- Re: Phishing Paranoia Glenn Forbes Fleming Larratt (Dec 04)
- Re: Phishing Paranoia Jason Edelstein (Dec 04)