- * We had an alert clerk notice that "something was off" when 3 people tried to sweet talk their way into a storage area. She flirted with them, while her co-worker called campus security. The cops had the penetration team spread and handcuffed before they could present their "Get Out Of Jail" documentation. Even then, they kept them handcuffed, until the cops called and verified the documentation. It was the first time that the penetration team had EVER had to use their documentation. I personally called and thanked everybody. I also arranged for the clerk to get a 2 pound box of the local Blue Bird Chocolates: http://bluebirdcandy.com/
- * When we started our "Internet Skeptic" awareness campaign: https://it.usu.edu/computer-se... we would send a coupon for a free Aggie Ice Cream Cone: http://aggieicecream.usu.edu/ to the first person to report a new phish.
- * Later, we found that prompt, public thanks worked as well as ice cream. We would promptly analyse every report, and then send out 2 sets of emails. The first would be the thank-you to the reporter. It included: Personalized thanks; A description of the scam; A report of how many others at USU were warned, thanks to their alertness. The second set of email would go out to everybody who had received a copy of the phishing scam. It included: A notification that the prior message was a fraud; Instructions for how to recover, if they had fallen for the fraud; A report of how many others also received the phish; A public acknowledgement of the alert reporter.
- * This spring, we had a "Phishing Tournament" with various awards for reporting fraudulent emails. The grand prize was a tackle box full of goodies.
The small amount we spend on thanks was more than repaid by the savings created by a community of alert, careful internet skeptics.