Home page logo

educause logo Educause Security Discussion mailing list archives

Re: Small cheap custom phishing
From: Steve Bohrer <skbohrer () SIMONS-ROCK EDU>
Date: Tue, 12 Nov 2013 19:11:28 -0500

On Nov 12, 2013, at 6:52 PM, Pete Hickey <pete () SHADOWS UOTTAWA CA> wrote:

Ok... you have three that were caught... Out of how many sent?
100?... 200?...
Think of this... if there were only 3 caught aout of 100, that<s 97% 
of people not fooled....  In any other kind of thing, 97% success
would be considered FANTASTIC!  Look at a normal curve.  You'll
always have some on the fringe.

In general, most people are smarter than we 'security people'
give them credit for.

Thanks, but, unfortunately, I don't actually have any way to know how many were caught, until they start sending 
spam…so the percentage may go up a bit!

The PHP Forms people took down the target page quite quite quickly yesterday evening -- our tip off was that we 
received the phish messages in our own mailboxes, and also got concerned notes from several faculty and staff who 
recognized it as a pretty good attempt. The bad guys started spamming from their first account last night about 2 AM, 
and then fired off from the second at about 10 AM, and ran their attack towards Rider at about 4 PM this afternoon. 

So, we're not sure how many more accounts they might have ready-to-go. But, so far, all the ones they got were alums 
from the 2002-03 era, which was really before we were doing anti-phish user education, or at least before I was here 
doing it.

Steve Bohrer
ITS, Bard College at Simon's Rock

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]