Educause Security Discussion mailing list archives

Re: Notifying organizations when you receive phishing e-mails from them

From: Roger A Safian <r-safian () NORTHWESTERN EDU>
Date: Fri, 25 Jan 2013 16:32:36 +0000

I usually try abuse@ if the site sending the phishing seems like they might take some action.  I also look at ARIN and 
get the security contact if need be.

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Tonkin, 
Derek K
Sent: Friday, January 25, 2013 10:16 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Notifying organizations when you receive phishing e-mails from them

Does anyone try to reach out to the IT departments of organizations you receive phishing e-mails from?  We received 
some today that is coming from an @nih.gov account and I was trying to determine how I could notify them.  I got to 
thinking that it might be a worthwhile to build a page on our website where we could allow outside organizations to 
report spam/phishing messages from accounts on our domain.  Has anyone else done this or even considered it?

Thanks!
___________________________________________________________
DEREK TONKIN
Information Security Analyst
ITS - Networking Systems
DPKG Suite 117.3
(254) 710-7061
Derek_Tonkin () Baylor edu<mailto:Derek_Tonkin () Baylor edu>

External Mailing Address
One Bear Place #97268
Waco, TX 76798-7268
[Description: bearawarefinal]

Current thread:

Notifying organizations when you receive phishing e-mails from them Tonkin, Derek K (Jan 25)
- Re: Notifying organizations when you receive phishing e-mails from them Roger A Safian (Jan 25)
  - Re: Notifying organizations when you receive phishing e-mails from them Jacobson, Dick (Jan 25)
- Re: Notifying organizations when you receive phishing e-mails from them Lorenz, Eva (Jan 25)
- Re: Notifying organizations when you receive phishing e-mails from them Bob Bayn (Jan 25)