Educause Security Discussion mailing list archives
Consistent threads for compromised accounts
From: Frank Barton <bartonf () HUSSON EDU>
Date: Wed, 8 Feb 2017 11:53:33 -0500
Good morning folks, we've been phished pretty heavily here at Husson, and we've been able to determine a couple of red-flags. I'm not sure that I want to publish those that we've found, but I'm wondering if anybody else has seen similar threads. - We've seen some "test" messages that seem to get sent to specific accounts when the account is first compromised - send-as addresses are changed (often giving us a trail to follow back) - we've seen a trend in the phishing URLs that are included in the messages. Thoughts? Thank You Frank -- Frank Barton ACMT IT Systems Administrator Husson University
Current thread:
- Consistent threads for compromised accounts Frank Barton (Feb 08)
- Re: Consistent threads for compromised accounts Jim Cheetham (Feb 08)