Educause Security Discussion
mailing list archives
Re: Small cheap custom phishing
From: Steve Bohrer <skbohrer () SIMONS-ROCK EDU>
Date: Tue, 12 Nov 2013 19:11:28 -0500
On Nov 12, 2013, at 6:52 PM, Pete Hickey <pete () SHADOWS UOTTAWA CA> wrote:
Ok... you have three that were caught... Out of how many sent?
Think of this... if there were only 3 caught aout of 100, that<s 97%
of people not fooled.... In any other kind of thing, 97% success
would be considered FANTASTIC! Look at a normal curve. You'll
always have some on the fringe.
In general, most people are smarter than we 'security people'
give them credit for.
Thanks, but, unfortunately, I don't actually have any way to know how many were caught, until they start sending
spam…so the percentage may go up a bit!
The PHP Forms people took down the target page quite quite quickly yesterday evening -- our tip off was that we
received the phish messages in our own mailboxes, and also got concerned notes from several faculty and staff who
recognized it as a pretty good attempt. The bad guys started spamming from their first account last night about 2 AM,
and then fired off from the second at about 10 AM, and ran their attack towards Rider at about 4 PM this afternoon.
So, we're not sure how many more accounts they might have ready-to-go. But, so far, all the ones they got were alums
from the 2002-03 era, which was really before we were doing anti-phish user education, or at least before I was here
ITS, Bard College at Simon's Rock