New Posts  All Forums:Forum Nav:

"Phish" test emails

post #1 of 5
Thread Starter 
I ask out of a desire to keep maintain the credibility of my schools email system if you approve or disapprove of sending emails market "URGENT"! telling students that you are relaying a message from our online instructor asking that we go register with our school credentials at a new website as the old will be down for a while? The hoax was by a student trying to see who would bite and disclose their credentials.

I did not so mind the phish but this is the same system that tells us of an emergency on campus so I objected to the use of the school email system as I want students to believe all communication that comes over this system, perhaps their lives depend on it. No one need agree with me, I am simply asking if this is an abuse in your eyes.
WC Rig
(13 items)
 
  
CPUMotherboardGraphicsRAM
i7-930@4.05GHz ASUS P6X58D-Preminum XFX GeForce 275 896mb 6GB Corsair TR3X6G1600C8D 
Hard DriveOptical DriveOSMonitor
WD 150gb Raptor LightScan Win 7 64-bit Acer 22" 
KeyboardPowerCaseMouse
G15 Corsair HX620W Antec 1200 several various 
Mouse Pad
none 
  hide details  
Reply
WC Rig
(13 items)
 
  
CPUMotherboardGraphicsRAM
i7-930@4.05GHz ASUS P6X58D-Preminum XFX GeForce 275 896mb 6GB Corsair TR3X6G1600C8D 
Hard DriveOptical DriveOSMonitor
WD 150gb Raptor LightScan Win 7 64-bit Acer 22" 
KeyboardPowerCaseMouse
G15 Corsair HX620W Antec 1200 several various 
Mouse Pad
none 
  hide details  
Reply
post #2 of 5
This is an abuse, if you're the admin, then you should be limiting student accounts to a maximum number of recipients, say just over the size of a class.
Ryzen 5 1600
(12 items)
 
  
CPUMotherboardGraphicsRAM
AMD Ryzen 5 1600 MSI B350 Gaming Plus Gigabyte GeForce GTX 1060 WINDFORCE2 OC 16GB (2x8GB) Corsair DDR4 Vengeance LED, PC4-24... 
Hard DriveHard DriveCoolingOS
256GB Samsung PM961 Polaris M.2 NVMe  1TB Toshiba DT01ACA100 3.5" HDD, SATA III  Cooler Master Hyper 212 Evo Windows 10 64 
KeyboardPowerCaseMouse
Unicomp Model M 650W EVGA SuperNOVA G1, 80PLUS Gold, Full Modular Kolink Luminosity Cooler Master Reaper Aluminium 
  hide details  
Reply
Ryzen 5 1600
(12 items)
 
  
CPUMotherboardGraphicsRAM
AMD Ryzen 5 1600 MSI B350 Gaming Plus Gigabyte GeForce GTX 1060 WINDFORCE2 OC 16GB (2x8GB) Corsair DDR4 Vengeance LED, PC4-24... 
Hard DriveHard DriveCoolingOS
256GB Samsung PM961 Polaris M.2 NVMe  1TB Toshiba DT01ACA100 3.5" HDD, SATA III  Cooler Master Hyper 212 Evo Windows 10 64 
KeyboardPowerCaseMouse
Unicomp Model M 650W EVGA SuperNOVA G1, 80PLUS Gold, Full Modular Kolink Luminosity Cooler Master Reaper Aluminium 
  hide details  
Reply
post #3 of 5
Some thoughts on this.

1. If there needs to be a legitimate communication that goes out to all students, it needs to get there somehow. If you don't allow it on the mail system, how is it going to get there?

2. All student wide emails should come from a verified source.

3. We have a distribution group at work that has everyone in it, but it is locked down so only a few people can actually send emails to it.

I do think this instance would fall in the abuse category, but there also has to be some common since in the person that would actually send the email out. The reason I think this is abuse is it sounds like it would end up being illegal in the end; be it fraud, theft, or something else. You could have put yourself right in the middle of it.
1090T
(13 items)
 
  
CPUMotherboardGraphicsRAM
1090T GA-890FXA-UD5 HIS 4670 G.SKILL ECO Series 4GB (1600) 
Hard DriveOSPowerCase
WD Black (Raid 0) Win 7 Home Premium x64 CORSAIR 850W COOLER MASTER Storm Sniper 
  hide details  
Reply
1090T
(13 items)
 
  
CPUMotherboardGraphicsRAM
1090T GA-890FXA-UD5 HIS 4670 G.SKILL ECO Series 4GB (1600) 
Hard DriveOSPowerCase
WD Black (Raid 0) Win 7 Home Premium x64 CORSAIR 850W COOLER MASTER Storm Sniper 
  hide details  
Reply
post #4 of 5
Hah, definitely abuse. Especially highlighted by the fact the person in question was trying to obtain credentials for which they are not authorized.
Waiting on X399
(13 items)
 
  
CPUMotherboardGraphicsRAM
AMD Phenom II B57 @ X4 3.9 Gigabyte 790FXTA-UD5 Sapphire Radeon 290 8 GB G.Skill 2133 
Hard DriveCoolingOSKeyboard
250 GB 840 EVO Noctua NH-D14 Windows 10 Logitech K350 
PowerCaseMouseMouse Pad
Seasonic x750 Corsair 600T Logitech G100s Razer Goliathus Speed 
Audio
Plantronics Gamecom 788 
  hide details  
Reply
Waiting on X399
(13 items)
 
  
CPUMotherboardGraphicsRAM
AMD Phenom II B57 @ X4 3.9 Gigabyte 790FXTA-UD5 Sapphire Radeon 290 8 GB G.Skill 2133 
Hard DriveCoolingOSKeyboard
250 GB 840 EVO Noctua NH-D14 Windows 10 Logitech K350 
PowerCaseMouseMouse Pad
Seasonic x750 Corsair 600T Logitech G100s Razer Goliathus Speed 
Audio
Plantronics Gamecom 788 
  hide details  
Reply
post #5 of 5
Thread Starter 
As it sits now Campus Security (the Police) are having a discussion to come up with a policy of just when it is prohibited to use any part of an email system connected to the school to test out your phishing skills and the skills of others to recognize a phish attempt. The Dean has already shut down the credential gathering side of any phising attempt, be it a test or not. (the student says he was really only testing who would try to go register at the new site, the site was fictitous and could not collect credentials but if you left off just two letters of his fictitous site you were taken to a school site, which some did, and entered their credentials). My feeling is people should know they can be phished but when you make your test, stricter boundries need to be used. I want students to have a high degree of confidence in any email that comes to them via the schools system (this was a system within a system so it could be argued that this would not be the typical path for emergency notification). I don't know how many resources would be used to tell students of an emergency and a test like this damages the integrity of the system. It not like we were penetrated by stolen credentials, the student did it using his own name, legally logged on, it just that when people started replying that they thought a phish was going on he did not shut down his test.People called the schools Help Desk asking if the email was genuine and if they should register at the new site but the Help Desk knew nothing. At the very least a lot of peoples time was wasted sorting things out.
WC Rig
(13 items)
 
  
CPUMotherboardGraphicsRAM
i7-930@4.05GHz ASUS P6X58D-Preminum XFX GeForce 275 896mb 6GB Corsair TR3X6G1600C8D 
Hard DriveOptical DriveOSMonitor
WD 150gb Raptor LightScan Win 7 64-bit Acer 22" 
KeyboardPowerCaseMouse
G15 Corsair HX620W Antec 1200 several various 
Mouse Pad
none 
  hide details  
Reply
WC Rig
(13 items)
 
  
CPUMotherboardGraphicsRAM
i7-930@4.05GHz ASUS P6X58D-Preminum XFX GeForce 275 896mb 6GB Corsair TR3X6G1600C8D 
Hard DriveOptical DriveOSMonitor
WD 150gb Raptor LightScan Win 7 64-bit Acer 22" 
KeyboardPowerCaseMouse
G15 Corsair HX620W Antec 1200 several various 
Mouse Pad
none 
  hide details  
Reply
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: Networking & Security