Educause Security Discussion mailing list archives
Re: Response to phishing e-mails
From: Brad Judy <brad.judy () CU EDU>
Date: Mon, 27 Oct 2014 19:06:37 +0000
Bob, I really like your tracking sheet - I do something similar here for our much smaller volume (small population - just administrative staff). I assume Column B is the "From" address and perhaps column F is the "Reply-to" address? Is column D the number of recipients (or maybe number of people who reported it)? I might borrow a couple of your columns and if I may suggest, I also have columns in mine for the date is was reported to: domain/site owner, Google, Microsoft, PhishTank, Symantec (our AV vendor). I have a column for the filename of a screenshot of the webpage (if appropriate) and keep a folder of those screenshots. I also have a folder of copies of the full raw messages so I preserve headers and such. Brad Judy Director of UIS Security University Information Systems University of Colorado 1800 Grant Street, Suite 300 Denver, CO 80203 Office: (303) 860-4293 Fax: (303) 860-4302 www.cu.edu [cu-logo_fl] From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Bob Bayn Sent: Monday, October 27, 2014 12:31 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Response to phishing e-mails Coincidentally, I just gave a presentation at a security conference on what we do (which is to ENCOURAGE those reports). See: https://it.wiki.usu.edu/CreatingPhish-ResistantInternetSkeptics And also take a look at our log of reported phish message, over 4000 in the past year, at: https://docs.google.com/spreadsheet/ccc?key=0AlMnxApOMKl_dEhVa3RCRG5uclVZNFZrY3hOSmFpaUE&usp=sharing Bob Bayn SER 301 (435)797-2396 IT Security Team Office of Information Technology, Utah State University Do you know the "Skeptical Hover Technique" and how to tell where a web link really goes? See: https://it.usu.edu/computer-security/computer-security-threats/articleID=23737<%20https:/it.usu.edu/computer-security/computer-security-threats/articleID=23737> ________________________________ From: The EDUCAUSE Security Constituent Group Listserv [SECURITY () LISTSERV EDUCAUSE EDU] on behalf of Leland Lyerla [llyerla () UU EDU] Sent: Monday, October 27, 2014 12:23 PM To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU> Subject: [SECURITY] Response to phishing e-mails As they become more aware of how to identify phishing e-mails, our faculty and staff let us know via e-mail when they come across one in their in-box. I do not want to discourage their vigilance, but I would appreciate any suggestions on how to manage/respond to these messages. Leland
Current thread:
- Response to phishing e-mails Leland Lyerla (Oct 27)
- Re: Response to phishing e-mails Bob Bayn (Oct 27)
- Re: Response to phishing e-mails Brad Judy (Oct 27)
- Re: Response to phishing e-mails Bob Bayn (Oct 27)
- Re: Response to phishing e-mails Brad Judy (Oct 27)
- Re: Response to phishing e-mails Roger A Safian (Oct 27)
- Re: Response to phishing e-mails Manjak, Martin (Oct 27)
- Re: Response to phishing e-mails Joel Anderson (Oct 27)
- Re: Response to phishing e-mails Garmon, Joel (Oct 27)
- Re: Response to phishing e-mails Thomas Carter (Oct 28)
- Re: Response to phishing e-mails Robert Meyers (Oct 28)
- Re: Response to phishing e-mails Nick Semenkovich (Oct 28)
- Re: Response to phishing e-mails Brandon Hume (Oct 28)
- Re: Response to phishing e-mails Thomas Carter (Oct 29)
- Re: Response to phishing e-mails Joel Anderson (Oct 27)
- Re: Response to phishing e-mails Bob Bayn (Oct 27)