Educause Security Discussion mailing list archives

Re: Response to phishing e-mails


From: Brad Judy <brad.judy () CU EDU>
Date: Mon, 27 Oct 2014 19:06:37 +0000

Bob,

I really like your tracking sheet - I do something similar here for our much smaller volume (small population - just 
administrative staff).  I assume Column B is the "From" address and perhaps column F is the "Reply-to" address?  Is 
column D the number of recipients (or maybe number of people who reported it)?

I might borrow a couple of your columns and if I may suggest, I also have columns in mine for the date it was reported 
to: domain/site owner, Google, Microsoft, PhishTank, Symantec (our AV vendor).  I have a column for the filename of a 
screenshot of the webpage (if appropriate) and keep a folder of those screenshots.  I also have a folder of copies of 
the full raw messages so I preserve headers and such.


Brad Judy

Director of UIS Security
University Information Systems
University of Colorado
1800 Grant Street, Suite 300
Denver, CO  80203
Office: (303) 860-4293
Fax: (303) 860-4302
www.cu.edu




From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Bob Bayn
Sent: Monday, October 27, 2014 12:31 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Response to phishing e-mails

Coincidentally, I just gave a presentation at a security conference on what we do (which is to ENCOURAGE those 
reports).  See:  https://it.wiki.usu.edu/CreatingPhish-ResistantInternetSkeptics

And also take a look at our log of reported phish messages, over 4000 in the past year, at:
https://docs.google.com/spreadsheet/ccc?key=0AlMnxApOMKl_dEhVa3RCRG5uclVZNFZrY3hOSmFpaUE&usp=sharing

Bob Bayn      SER 301      (435)797-2396    IT Security Team
Office of Information Technology,         Utah State University
    Do you know the "Skeptical Hover Technique" and
    how to tell where a web link really goes?  See:
    
https://it.usu.edu/computer-security/computer-security-threats/articleID=23737
________________________________
From: The EDUCAUSE Security Constituent Group Listserv [SECURITY () LISTSERV EDUCAUSE EDU] on behalf of Leland Lyerla 
[llyerla () UU EDU]
Sent: Monday, October 27, 2014 12:23 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Response to phishing e-mails
As they become more aware of how to identify phishing e-mails, our faculty and staff let us know via e-mail when they 
come across one in their in-box. I do not want to discourage their vigilance, but I would appreciate any suggestions on 
how to manage/respond to these messages.

Leland

