Comments on: Phishing your own users? http://infosecplace.com/blog/2007/01/08/phishing-your-own-users/ Commentary on the State of Information Security Sun, 10 Jan 2010 16:13:08 +0000 http://wordpress.org/?v=2.9.2 hourly 1 By: Marcin Wielgoszewski http://infosecplace.com/blog/2007/01/08/phishing-your-own-users/comment-page-1/#comment-6828 Marcin Wielgoszewski Tue, 09 Jan 2007 15:37:47 +0000 http://infosecplace.com/blog/2007/01/08/phishing-your-own-users/#comment-6828 A couple other things to consider regarding this kind of testing: How is the information going to be handled afterward? How do they plan on scheming their users? If they send out Ebay, Bank of America, or Chase phishing emails, the data they might get back could be very sensitive. Like you said, incriminating users just makes them hate you even more. We don't need anymore hate, hehe :p A couple other things to consider regarding this kind of testing: How is the information going to be handled afterward? How do they plan on scheming their users? If they send out Ebay, Bank of America, or Chase phishing emails, the data they might get back could be very sensitive.

Like you said, incriminating users just makes them hate you even more. We don’t need anymore hate, hehe :p

]]> By: tssci security » This is horrible, this idea: “Phishing your own users” http://infosecplace.com/blog/2007/01/08/phishing-your-own-users/comment-page-1/#comment-6811 tssci security » This is horrible, this idea: “Phishing your own users” Tue, 09 Jan 2007 05:13:22 +0000 http://infosecplace.com/blog/2007/01/08/phishing-your-own-users/#comment-6811 [...] I see Michael Farnum has responded to Terry Sweeney’s blog post on Phishing your own users. I would just like to remind everyone that while intentions may be good, remember the times people have tried this tactic with viruses. How many times did someone write a virus that removes viruses or one that enables a security feature? Or how about testing the effectiveness of an anti-virus solution by distributing to users a file (containing a virus) that says “DO_NOT_OPEN_ME” ? [...] [...] I see Michael Farnum has responded to Terry Sweeney’s blog post on Phishing your own users. I would just like to remind everyone that while intentions may be good, remember the times people have tried this tactic with viruses. How many times did someone write a virus that removes viruses or one that enables a security feature? Or how about testing the effectiveness of an anti-virus solution by distributing to users a file (containing a virus) that says “DO_NOT_OPEN_ME” ? [...]

]]>