Educause Security Discussion mailing list archives
Re: Response to phishing e-mails
From: Thomas Carter <tcarter () AUSTINCOLLEGE EDU>
Date: Tue, 28 Oct 2014 15:12:29 -0500
How has the response to this been? Our problem is those most likely to respond to a phishing attempt will do it before we can do anything about it. They’re also not likely to check against a list of phishing attempts. 99% of our problem is students; we require a one-on-one sit down security talk with students if we’ve found that they have responded. Yet we’ve even had repeat offenders. I (only half jokingly) suggest that the 3rd offence should involve removing all computer privileges and handing them a yellow legal pad and a pen as that is all they can be trusted with. Thomas Carter Network and Operations Manager Austin College 903-813-2564 [cid:image001.gif@01CFF2C1.97503620] From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Garmon, Joel Sent: Monday, October 27, 2014 3:51 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Response to phishing e-mails We respond very similar to the DNS redirect and other technical means. We also have an iframe on several of our main web pages such as win.wfu.edu<http://win.wfu.edu> where we post recent phishing attempts so everyone can go there and check to see if it is phishing and has it been reported. [https://webmail.wfu.edu/cotd/cotd-images/mean-fish.png]Phishing Catch of the Day Thank you, Joel Garmon Director Information Security Wake Forest University 336-758-2972 On Mon, Oct 27, 2014 at 2:57 PM, Joel Anderson <joela () umn edu<mailto:joela () umn edu>> wrote: We absolutely encourage these reports - we even have a special email "phishing () umn edu<mailto:phishing () umn edu>" to receive the messages. This puts them in a special queue *and* gets a custom reply thanking and telling them how to give message headers (in case they didnt'). We block email replies, divert DNS to form pages as well as thanking the informants. In addition, we seed information into forms to discover where attackers are coming from if (when!) they are successful. I just put out a SANS paper on this process. -- -- --------------------------------------------------- joel anderson * joela () umn edu<mailto:joela () umn edu> * @joelpetera --> 612-625-7389<tel:612-625-7389> --> pager: 612-648-6823<tel:612-648-6823> Security Coordinator University Information Security - University of Minnesota
Current thread:
- Response to phishing e-mails Leland Lyerla (Oct 27)
- Re: Response to phishing e-mails Bob Bayn (Oct 27)
- Re: Response to phishing e-mails Brad Judy (Oct 27)
- Re: Response to phishing e-mails Bob Bayn (Oct 27)
- Re: Response to phishing e-mails Brad Judy (Oct 27)
- Re: Response to phishing e-mails Roger A Safian (Oct 27)
- Re: Response to phishing e-mails Manjak, Martin (Oct 27)
- Re: Response to phishing e-mails Joel Anderson (Oct 27)
- Re: Response to phishing e-mails Garmon, Joel (Oct 27)
- Re: Response to phishing e-mails Thomas Carter (Oct 28)
- Re: Response to phishing e-mails Robert Meyers (Oct 28)
- Re: Response to phishing e-mails Nick Semenkovich (Oct 28)
- Re: Response to phishing e-mails Brandon Hume (Oct 28)
- Re: Response to phishing e-mails Thomas Carter (Oct 29)
- Re: Response to phishing e-mails Nick Semenkovich (Oct 29)
- Re: Response to phishing e-mails Brandon Hume (Oct 29)
- Re: Response to phishing e-mails Joel Anderson (Oct 27)
- Re: Response to phishing e-mails Robert Meyers (Oct 29)
- Re: Response to phishing e-mails Bob Bayn (Oct 27)
- Re: Response to phishing e-mails Paul Chauvet (Oct 29)
- Re: Response to phishing e-mails Nick Semenkovich (Oct 29)
- Re: Response to phishing e-mails Brandon Hume (Oct 29)