Educause Security Discussion mailing list archives
Re: Recent Phishing Uptick
From: Bob Bayn <bob.bayn () USU EDU>
Date: Thu, 20 Feb 2014 03:03:06 +0000
We use Cisco Ironports to filter our email stream. I could go into a little bit of detail tomorrow for users of similar equipment offline.

Bob Bayn SER 301 (435)797-2396
IT Security Team
Office of Information Technology, Utah State University
Do you know the "Skeptical Hover Technique" and how to tell where a web link really goes? See: https://it.usu.edu/computer-security/computer-security-threats/articleID=23737

________________________________________
From: The EDUCAUSE Security Constituent Group Listserv [SECURITY () LISTSERV EDUCAUSE EDU] on behalf of Gary Warner [gar () CIS UAB EDU]
Sent: Wednesday, February 19, 2014 7:55 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Recent Phishing Uptick

Bob,

Your "Modify the spam before delivering" trick is awesome! Which mailsystem are you using, and can you share a bit more about your technique?

Thanks!

----------------------------------------------------------
Gary Warner
Director of Research in Computer Forensics
The University of Alabama at Birmingham
Center for Information Assurance and Joint Forensics Research
205.422.2113
gar () cis uab edu
-----------------------------------------------------------

----- Original Message -----
From: "Bob Bayn" <bob.bayn () USU EDU>
To: SECURITY () LISTSERV EDUCAUSE EDU
Sent: Wednesday, February 19, 2014 8:53:14 PM
Subject: Re: [SECURITY] Recent Phishing Uptick

Speaking of phishing forms on the free hosting sites

We watch for a couple dozen of those hostnames in email messages and add this warning at the top of the message before delivering it:

    Warning: Do not enter your USU A-Number and password on any web form linked from this email message.

    This warning has been inserted here by Utah State University's IronPort Spam Filter System. The USU spam filter has detected in the message below a link to a web form hosting service ( link ) that is SOMETIMES used by "phishers" to get your email address and password for their use.

    You must decide if the link might serve some other legitimate purpose that is important to you. Thanks for being an Internet Skeptic!

    For information about why this warning was added to this message see: https://it.usu.edu/computer-security/be-an-internet-skeptic/form-services/

    ==== ORIGINAL MESSAGE BEGINS BELOW THIS LINE ====

and I get a Bcc: of the message and report the link to the hosting site. Some hosts are very prompt (minutes) about disabling the form while others can take a day or more.

Bob Bayn SER 301 (435)797-2396
IT Security Team
Office of Information Technology, Utah State University
Do you know the "Skeptical Hover Technique" and how to tell where a web link really goes? See: https://it.usu.edu/computer-security/computer-security-threats/articleID=23737
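
The tag-before-delivery step described in the message above, as an added Python example. It is not USU's IronPort configuration and is not from the original posts. The watched hostnames and the Bcc mailbox are constructed placeholders, the warning text is abridged from the one quoted above, and only the text/plain part of a message is handled.

```python
import re
from email import message_from_string, policy
from urllib.parse import urlsplit

# Constructed values: the post names neither the watched hosts nor a mailbox.
WATCHED_FORM_HOSTS = {"forms.example", "freeforms.example"}
SECURITY_BCC = "security-team@university.example"

# Abridged from the warning text quoted in the post.
WARNING = (
    "Warning: Do not enter your USU A-Number and password on any web form\n"
    "linked from this email message.\n"
    "The USU spam filter has detected in the message below a link to a web\n"
    "form hosting service ({hosts}) that is SOMETIMES used by \"phishers\".\n"
    "==== ORIGINAL MESSAGE BEGINS BELOW THIS LINE ====\n"
)
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)


def watched_hosts_in(text):
    """Return the sorted watchlist entries that any URL in text points at."""
    hits = set()
    for url in URL_RE.findall(text):
        try:
            host = (urlsplit(url).hostname or "").lower().rstrip(".")
        except ValueError:  # malformed netloc, e.g. a broken IPv6 literal
            continue
        for watched in WATCHED_FORM_HOSTS:
            # Match the service itself or any subdomain, not lookalike names.
            if host == watched or host.endswith("." + watched):
                hits.add(watched)
    return sorted(hits)


def tag_message(raw):
    """Return (message text, extra Bcc list); unchanged when nothing matches."""
    msg = message_from_string(raw, policy=policy.default)
    part = msg.get_body(preferencelist=("plain",))
    if part is None:  # no text/plain part; this example leaves it alone
        return raw, []
    body = part.get_content()
    hits = watched_hosts_in(body)
    if not hits:
        return raw, []
    # set_content() clears the old Content-* headers before writing the part.
    part.set_content(WARNING.format(hosts=", ".join(hits)) + body)
    return msg.as_string(), [SECURITY_BCC]
```

The returned Bcc list is for the delivery layer to act on; the function itself only rewrites the message text.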