Educause Security Discussion mailing list archives
Re: Mitigating Phishing Attacks
From: Amanda Williams <akwilliams () PITTSTATE EDU>
Date: Wed, 14 Nov 2012 15:48:33 -0600
Our process is very similar to Ronald's but we also notify the direct supervisor and their Dean.

Amanda Williams
IT Security Officer
Pittsburg State University
620.235.4657

----- Original Message -----
From: "Ronald A. King" <raking () NSU EDU>
To: SECURITY () LISTSERV EDUCAUSE EDU
Sent: Wednesday, November 14, 2012 2:56:17 PM
Subject: Re: [SECURITY] Mitigating Phishing Attacks

We too have seen a few recently. Within an hour or two of a user responding to a message, we start to see the user’s account sending SPAM. We immediately change the password and disconnect the session. We reset any password reset profiles. We notate the account using a support system ticket number created for said actions so our support folks know. Our help desk team will inform the user they need to speak to the security group and resets their password.

When we talk to the user, we inform them of what happened, remind them of their annual training they are required to take, and try to further reinforce safe online habits. We instruct the user on the cost that could be incurred if our organization were to suffer loss in monies and/or reputation. We inform them that their single action could land our institution on a blacklist, requiring our IT support folks to work tirelessly with different entities trying to convince them we aren’t intentionally trying to act maliciously, and that we are safe to do business with.

If needed, we will reset enable their account without resetting their password a third time. There is a documented procedure should we have to produce it.

Ronald King
Security Engineer
Norfolk State University
http://security.nsu.edu

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Christopher Jones
Sent: Wednesday, November 14, 2012 3:04 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Mitigating Phishing Attacks

We have experienced a number of targeted phishing attacks recently.

Because the most recent phish led its victims to provide their network credentials via a realistic-looking OWA logon page, we took the following steps to deal with some resultant compromised accounts:

· immediately reset the passwords for the affected accounts,
· restarted the IIS service to stop any active webmail sessions,
· alerted the user community

It got me to wondering how other institutions deal with similar situations where user accounts have been compromised. If anyone would care to share, I would be interested in how you have handled similar situations. It would be useful to know your top 3 strategies for preventing and mitigating such occurrences.

Thanks.

Christopher Jones
IT Security Analyst
University of the Fraser Valley
Christopher.Jones () ufv ca