Re: FYI: Another round of spear Phishing

[Bob Bayn <Bob.Bayn () USU EDU>]

> We have been targeted by three separate spear phishing attacks in the
> past
> six weeks.  In spite of our efforts to filter incoming email, and to
> warn our campus community about these messages and not to respond to
> them, we have had a least 2 accounts (that we know about) hijacked and
> used to send spam.  Right now our reputation scores are in the toilet.

We actually have an accidentally helpful feature that helps us
in this situation.  I didn't recognize it until we intercepted a
reply by one of our faculty to the recent phish message.  Our users
login to their email (exchange) with an ID number that is not the
username that anyone sees.  The Phish asked for email username
and password and the staff member provided that info.  But that
username isn't what works with that password to login to the email
account.  A determined phish hacker might use the info received to
do some hunting or social engineering to get the ID number but they
are more likely to write the response off as intentional misinformation
and move on to the next response to their phish.

Every once in a while unintended consequences are good.

--
Bob Bayn  ride-a-bike (435)797-2396
Network Security Team coordinator
Office of Information Techology
Utah State University