A Phish Tale

So, in the IT world of Higher Education, we spend a lot of time saving people from themselves. My current favorite phish tale involves the student who responded to a phishing attempt then blamed us for letting the phish through. While we try our best to prevent spam, spam exists and flourishes. The part of the story that is of real interest has to do with this specific phish experience. The student in question received an email allegedly from a local bank. The email suggested that he enter a contest they were having for their clients. He does not do his banking at this bank. The bank's URL had an extraneous "q" in its name and was clearly in China. Again this is a regional bank we are talking about. The contest required that he enter the following information (which he readily provided): name, dob, SSN, address, mother's maiden name, checking account number, routing number, account password, ATM number, pin number, credit card number, and credit card security code. But, it was our fault he entered this protected information. He should never have been put in such a predicament.
Part of my job involves trying to educate the college masses about safe computer practices. We had an entire campaign focused on phishing attempts and the free credit monitoring service we offer our students and employees. So, now I am beginning a new campaign.
I decided to embrace the innate sense of the ridiculous that I feel about having to spread common sense. We are doing retro 50s hygiene parodies. These will be for everything from avoiding phishing attempts to warnings against illegal file sharing. I am pretty excited. I like having these ah-ha creative moments and then having talented designer types make my vision a reality. It feels good. Even if at the end of the day some idiot is still going to do something stupid.