On Wed, 9 May 2018, Vincent Fox wrote:
I see an interesting dichotomy.
Students are on Google, fac/staff on O365 now.
Guess which group is phished most often?
If you said students, bzzzt.
It’s the O365 users, by a large margin. Faculty and staff should be best
trained. Also protected by “Advanced Threat Protection”.
Our university drank the Microsoft Kool-Aid completely and threw everybody into
the O-365 ocean. (except for us already entrenched hold-outs ;).
We've seen a major up-tick of phished O-365 accounts of all flavors (faculty,
staff, students).
I attribute it to several factors:
1) phish attacks have become increasingly sophisticated (quality of duplicating
'sign in' sites, looking at institutional service announcements so they can craft
credible deceptive scenarios, etc).
2) the 'Outlook' mail client hides technical details of messages and makes it
hard to determine the validity of a message
3) O-365/Exchange has a "Big Brother" attitude to RFC mail info, it wants to
'bowdlerize' those ugly messages and replace them with simplistic, soothing
verbiage to not confuse the end users.
4) Less technical sophistication of the server side filtering vs. Google.
--
Dave Funk University of Iowa
<dbfunk (at) engineering.uiowa.edu> College of Engineering
319/335-5751 FAX: 319/384-0549 1256 Seamans Center
Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{