Educause Security Discussion mailing list archives
Re: FYI: Another round of spear Phishing
From: Jesse Thompson <jesse.thompson () DOIT WISC EDU>
Date: Fri, 27 Jun 2008 10:02:45 -0500
Clyde Hoadley wrote:
We have been targeted by three separate spear phishing attacks in the past six weeks. In spite of our efforts to filter incoming email, and to warn our campus community about these messages and not to respond to them, we have had a least 2 accounts (that we know about) hijacked and used to send spam. Right now our reputation scores are in the toilet.
See this list for discussion and more reports of attacks: http://catalist.lsoft.com/scripts/wl.exe?SL1=HIED-EMAILADMIN&H=LISTSERV.ND.EDU We are tracking the reply-to addresses here: http://code.google.com/p/anti-phishing-email-reply/ The list is useful for detecting users that reply to the phishing. You could also potentially use the list for scanning for incoming attacks, at your own risk. Please report the reply addresses to the hied-emailadmin list until we find a better way to collect them. Yahoo has been very good at shutting down the accounts in response to complaints. Microsoft and Google are essentially ignoring the complaints. Zack's jest of outsourcing email as a solution to the problem should not be taken seriously. Consider what other systems use the same login credentials. Sticking your head in the sand and hoping that your outsourcing vendor will be more effective than you at stopping the attacks/replies is reckless. Other techniques that have been useful for us, in addition to what was already said: - look for blocked/deferred messages in your outbound mail queues - look in your users' webmail signatures for suspicious content - make your anti-spam vendor aware of the incoming attacks and help them improve detection Jesse
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
Current thread:
- Re: FYI: Another round of spear Phishing, (continued)
- Re: FYI: Another round of spear Phishing ram smith (Jun 17)
- Re: FYI: Another round of spear Phishing Gary Warner (Jun 17)
- Re: FYI: Another round of spear Phishing Cal Frye (Jun 18)
- Re: FYI: Another round of spear Phishing Matthew Gracie (Jun 19)
- Re: FYI: Another round of spear Phishing Cal Frye (Jun 19)
- Re: FYI: Another round of spear Phishing Dean Halter (Jun 19)
- Re: FYI: Another round of spear Phishing Bob Bayn (Jun 19)
- Re: FYI: Another round of spear Phishing Curt Wilson (Jun 19)
- Re: FYI: Another round of spear Phishing Mclaughlin, Kevin (mclaugkl) (Jun 19)
- Re: FYI: Another round of spear Phishing Dean Halter (Jun 19)
- Re: FYI: Another round of spear Phishing Jesse Thompson (Jun 27)