
ShmooCon 2008: Unauthorized Phishing Awareness Exercise


[Syn Phishus] presented a pretty interesting talk. At $former_company he prepared and executed a rogue, unsanctioned internal exercise designed to heighten awareness of phishing scams (that is, attempts to trick users into handing over personal information). After noting a certain lack of effort in actually implementing security policy, he put together an official-looking email, set up a simple phishing site that did not store any of the information it collected, and set loose the dogs of war. OK, he actually sent it to a select group within the company without warning anyone else ahead of time. He purposely didn't keep any of the results, to protect the foolish, but he estimates that maybe 10% of the recipients fell for it.
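To make the mechanics concrete, here is an added example of the kind of landing site the talk describes: a fake login form whose Submit and Cancel buttons both lead to the same awareness page, which never stores what was typed. This is my own illustration, not code from the talk or from $former_company. It goes one step beyond the talk by putting a per-recipient token in each mailed link, so unique recipients can be counted even when everyone sits behind one proxy and hits the page several times; the recipient addresses, the secret and the port are made-up values.

```python
"""Phishing-awareness landing site (added example, not the talk's code).

Counts unique recipients per action via a token in the mailed link;
form contents are read only to find which button was pressed, then dropped.
"""
import hashlib
import hmac
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs, urlparse

# Fake login page. No action attribute, so the form posts back to the
# same URL, token and all. Both buttons post; only their value differs.
LOGIN_HTML = b"""<html><body><h2>Sign in</h2><form method="post">
User <input name="user"> Password <input name="pass" type="password">
<button name="action" value="submit">Submit</button>
<button name="action" value="cancel">Cancel</button></form></body></html>"""

# Served after either button, so the exercise reveals itself the same way
# to everyone (awareness, not a test of who clicked what).
AWARENESS_HTML = b"""<html><body><h1>This was a phishing awareness exercise.</h1>
<p>Nothing you entered was stored. Check the sender address and where a link
really points before entering credentials anywhere.</p></body></html>"""


def issue_tokens(recipients, secret):
    """Map an opaque per-recipient token to the recipient address.

    Each token goes into that recipient's link as ?t=..., so a hit identifies
    the recipient without relying on source IP (useless behind a proxy).
    The secret is assumed to be generated fresh for each exercise.
    """
    return {hmac.new(secret, r.encode(), hashlib.sha256).hexdigest()[:16]: r
            for r in recipients}


class PhishCounter:
    """Keeps only sets of tokens per action, never any form field values."""

    ACTIONS = ("visit", "submit", "cancel")

    def __init__(self, tokens):
        self.tokens = tokens
        self.seen = {a: set() for a in self.ACTIONS}

    def record(self, token, action):
        """Return True if token belongs to a known recipient; repeats are idempotent."""
        if token not in self.tokens or action not in self.seen:
            return False
        self.seen[action].add(token)
        return True

    def unique(self, action):
        return len(self.seen[action])

    def rate(self, action):
        return self.unique(action) / len(self.tokens) if self.tokens else 0.0


def make_handler(counter):
    class Handler(BaseHTTPRequestHandler):
        def _token(self):
            return parse_qs(urlparse(self.path).query).get("t", [""])[0]

        def do_GET(self):
            counter.record(self._token(), "visit")
            self._respond(LOGIN_HTML)

        def do_POST(self):
            body = self.rfile.read(int(self.headers.get("Content-Length", 0)))
            # Only the button name is looked at; user/pass fields are discarded
            # with the parsed dict and are never logged or written anywhere.
            fields = parse_qs(body.decode(errors="replace"))
            counter.record(self._token(), fields.get("action", [""])[0])
            self._respond(AWARENESS_HTML)

        def _respond(self, page):
            self.send_response(200)
            self.send_header("Content-Type", "text/html")
            self.end_headers()
            self.wfile.write(page)

        def log_message(self, *args):
            # Default logging would write request lines (with tokens) to stderr.
            pass

    return Handler


if __name__ == "__main__":
    # Constructed sample recipients; real use would take the mailing list.
    tokens = issue_tokens(["alice@example.com", "bob@example.com"], b"exercise-secret")
    for t, r in tokens.items():
        print(f"mail {r} a link to http://127.0.0.1:8080/login?t={t}")
    counter = PhishCounter(tokens)
    HTTPServer(("127.0.0.1", 8080), make_handler(counter)).serve_forever()
```

With this setup the 10% figure would be `counter.rate("submit")`, a count of distinct tokens rather than of raw hits, which is what repeated visits and a shared proxy address otherwise spoil.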

Comments

  1. macegr says:

    why does he have to “estimate maybe 10%”, wouldn’t it be a simple calculation involving the number of emails he sent out versus the number of times the “submit” button was pressed?

  2. ian says:

    seriously macegr…

  3. macegr says:

    i think it’s a valid question, this is a conference about security, suspicion, and social engineering (e.g. fast talkers). once you start to make statements without citing facts, how is the audience supposed to figure out what actually happened versus what just sounds good at a hacker convention?

  4. conrad says:

    that is a valid question. “estimates that maybe 10%” is rather vague.

  5. Since his goal was awareness rather than user intelligence testing, he set up the form to do the same thing if submit or cancel were clicked. Many people hit the site several times, so simple hit counting didn’t reveal any usable numbers. (Users were behind a proxy, so IP address counting wasn’t an option either.)

  6. macegr says:

    good clarification, thanks. it just struck me as weird only because it seemed like such an easy metric to get.
