Skip to main content

 Phishing for Good with Red Herring

Have any Nigerian princes asked you to share your cookie recipes lately? Or maybe someone you've never met is sending you an important PDF you need to open right this second or you'll lose your TikTok account.

Yeah, that might have been a criminal phishing for sensitive information. Or, it might have been a cybersecurity team working to keep you on your toes with the help of the Red Herring application created by the San Diego County Office of Education (SDCOE). The Red Herring platform is now being used by 18 county offices of education across the state and its usage is rapidly expanding.

SDCOE's Integrated Technology Services team has been quietly working for a few years to create the web-based application that allows organizations to create, schedule, and launch fake phishing emails that are linked to training resources, which aim to raise awareness about phishing and educate employees about everyday cybersecurity threats. 

So, that suspicious email you got may have been a clever training tool.

"Phishing attacks continue to make the headlines, and unfortunately, K-12 institutions are not exempt," said Terry Loftus, assistant superintendent and chief technology officer. "Leveraging Red Herring, our new phishing simulation platform, districts and county offices of education can efficiently assess staff security awareness as well as provide effective phishing awareness training, all in one solution."

The project started when Integrated Technology Services leadership looked into buying a program to send fake phishing emails and provide training but found it to be cost-prohibitive. Instead, they decided SDCOE should build its own and offer a low-cost alternative to other educational agencies.

"Red Herring basically works as a reminder and a refresher about online safety," said Ali Maroufi, cybersecurity officer. "Our goal is not to catch people clicking links. We're reminding people to be aware, and when you're really busy and in the heat of the moment, keep in mind what actions online may be unsafe."