Educause Security Discussion mailing list archives
Re: Mitigating Phishing Attacks
From: "Bateman, Darrell" <darrell.bateman () TTU EDU>
Date: Fri, 16 Nov 2012 14:22:05 +0000
We use similar procedures in our Service Desk as some of the others here who have commented. Additionally, we do the following:

1. Insert a warning message in red at the top of incoming emails that have certain keywords used to collect login credentials. Users get an NDR if they try to reply to an email that has the warning message inserted, unless they first remove the warning text. This used to be fairly effective, but now spammers use URLs and entice users to click on them, rendering this control less effective.
2. We use outbound spam filtering to block much of the spam that results from compromised accounts.
3. We have a procedure for repeat “victims” of phishing attacks.

We have considered requiring 2nd factor authentication for OWA, required when a user logs in from a new computer and/or IP address. The 2nd factor would be the user’s secret question or a code sent to the user’s mobile phone. This would be a large undertaking to implement, but it would have other security benefits. I welcome any comments from this group on the effectiveness of this proposed strategy.

Also, if anyone out there has a network-based DLP solution in place, does it effectively detect and block entry of local user credentials to a foreign host?

--------------------------------------
Darrell Bateman
Assistant Vice President for IT and ISO
Office of the Chief Information Officer
Information Technology Division
Texas Tech University

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Christopher Jones
Sent: Wednesday, November 14, 2012 2:04 PM
To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>
Subject: [SECURITY] Mitigating Phishing Attacks
_____

We have experienced a number of targeted phishing attacks recently.

Because the most recent phish led its victims to provide their network credentials via a realistic looking OWA logon page, we took the following steps to deal with some resultant compromised accounts:

· immediately reset the passwords for the affected accounts,
· restarted the IIS service to stop any active webmail sessions
· alerted the user community

It got me to wondering how other institutions deal with similar situations where user accounts have been compromised. If anyone would care to share, I would be interested how you have handled similar situations. It would be useful to know your top 3 strategies for preventing and mitigating such occurrences.

Thanks.

Christopher Jones
IT Security Analyst
University of the Fraser Valley
Christopher.Jones () ufv ca<mailto:Christopher.Jones () ufv ca>
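The warning-banner control from item 1 of the reply above, sketched as an added example that is not part of the thread or of any poster's mail configuration: the banner text, keyword list, function names and sample messages are all assumptions. The last case shows the gap the reply notes, where a lure that only carries a link has no credential keywords and is not tagged.

```python
import re
from email.message import EmailMessage

# Assumed banner text and keyword list; the post does not give its own.
BANNER = "WARNING: this message may be a phishing attempt. Never send your password."
CRED_WORDS = re.compile(
    r"\b(password|passphrase|username|user\s?id|login|mailbox quota)\b", re.I)

def _plain_part(msg):
    """Return the text/plain part of a message, or None if it has none."""
    return msg.get_body(preferencelist=("plain",))

def tag_inbound(msg):
    """Prepend BANNER to inbound mail whose text asks for credentials."""
    part = _plain_part(msg)
    if part is None:
        return False
    text = part.get_content()
    if BANNER in text or not CRED_WORDS.search(text):
        return False
    part.set_content(BANNER + "\n\n" + text)
    return True

def outbound_verdict(msg):
    """Return 'reject' (send an NDR) while the banner is still in the text."""
    part = _plain_part(msg)
    if part is not None and BANNER in part.get_content():
        return "reject"
    return "accept"

def make(text):
    """Build a constructed single-part message for the demonstration."""
    m = EmailMessage()
    m.set_content(text)
    return m

if __name__ == "__main__":
    # Constructed samples, not taken from any real campaign.
    lure = make("Your mailbox quota is exceeded. Reply with username and password.")
    print(tag_inbound(lure))
    quoted = "\n".join("> " + line for line in lure.get_content().splitlines())
    print(outbound_verdict(make("jdoe / secret\n\n" + quoted)))  # banner quoted
    print(outbound_verdict(make("jdoe / secret")))               # banner removed
    print(tag_inbound(make("See the notice at https://example.invalid/notice")))
```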