Educause Security Discussion mailing list archives
Re: Fraudulent Domain
From: "Menne, Michael S" <michael.menne () MNSU EDU>
Date: Mon, 24 Sep 2018 16:54:45 +0000
We have had a similar issue arise. Our domain is mnsu.edu. We have had a few phishing attempts come from mnsuu.com. Using that domain they have duplicated at least two e-mails and directed users to copies of our login pages. We haven’t requested takedown of the domains, but we have requested takedown of the sites when they pop-up. We have also blocked the domains through OpenDNS and Office 365 Advanced Threat Protection SafeLinks. Michael Menne, CISSP Chief Information Security Officer IT Solutions Information Security Minnesota State University, Mankato Phone: (507) 389-5705 Are you ready for ransomware? Make sure your data is backed up and you're able to restore it! Learn more.<https://link.mnsu.edu/cyberaware> [cid:image001.png@01D341A0.236300E0] Confidentiality Notice: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Brad Judy Sent: Monday, September 24, 2018 11:36 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Fraudulent Domain I’m battling an identical battle at the moment. So far, the registrar for the domain has not replied to my email and voicemail contacts with their abuse department. I’m curious to hear the other advice you receive. Brad Judy Information Security Officer Office of Information Security University of Colorado 1800 Grant Street, Suite 300 Denver, CO 80203 Office: (303) 860-4293 Fax: (303) 860-4302 www.cu.edu<https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.cu.edu%2F&data=02%7C01%7Cmichael.menne%40MNSU.EDU%7C3789e1de1bba41afed7908d6223be123%7C0c0d13782eaf49c7afa98b40189a1b5c%7C0%7C0%7C636734037912140758&sdata=K0kE5NiKlSSdIkJPWmWhl%2BU1ZoD286BqMdlf7Fn2MxY%3D&reserved=0> [cu-logo_fl] From: EDUCAUSE Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>> on behalf of "Gomez, Joshua" <J.Gomez () SNHU EDU<mailto:J.Gomez () SNHU EDU>> Reply-To: EDUCAUSE Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>> Date: Monday, September 24, 2018 at 9:12 AM To: EDUCAUSE Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>> Subject: [SECURITY] Fraudulent Domain Hello Everyone, We have had a fraudulent domain pop up impersonating the University sending out fake Purchase Orders to suppliers. This website domain does not have an active website but we still reported the domain to reputation reference websites such as VirusTotal, ESET, Google Safe Browsing etc. We plan to contact the registrar of the website and having our legal team request a DMCA takedown notice. What other steps can we take to expedite having this fraudulent domain taken down? Thanks Josh Joshua Gomez | Consultant, Information Security Information Technology Solutions Physical Address: 1230 Elm Street, Manchester, NH 03101 Mailing Address: 2500 North River Road, Manchester, NH 03106 Office Phone: 603-626-9100 x7777 | Service Portal<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsnhu.service-now.com%2Fsp&data=02%7C01%7Cmichael.menne%40MNSU.EDU%7C3789e1de1bba41afed7908d6223be123%7C0c0d13782eaf49c7afa98b40189a1b5c%7C0%7C0%7C636734037912140758&sdata=fRuMWlslj3H4je27dEiCLYQRtFDs2JMYz3kdZ1paWGE%3D&reserved=0> [SNHU horizontal logo] Please consider the environment before printing this e-mail.
Current thread:
- Fraudulent Domain Gomez, Joshua (Sep 24)
- <Possible follow-ups>
- Re: Fraudulent Domain Brad Judy (Sep 24)
- Re: Fraudulent Domain Menne, Michael S (Sep 24)
- Re: Fraudulent Domain Jason Todd (Sep 24)
- Re: Fraudulent Domain Ryan Gallagher (Sep 24)
- Re: Fraudulent Domain Menne, Michael S (Sep 24)