Educause Security Discussion mailing list archives
Re: Phishing E-mail Procedures
From: Bob Bayn <bob.bayn () USU EDU>
Date: Thu, 26 Jan 2012 16:22:56 +0000
I have a sort of self-imposed process for handling phishing that goes like this:

1) Part of our Internet Skeptic campaign includes encouraging people to forward recently received phish and other dangerous-looking messages to phish () usu edu. They are also encouraged to forward all unblocked spam to our spam () usu edu address for automated reporting to Ironport, our spam firewall vendor.

2) I investigate, including checking our email delivery logs for other recipients.

3) I compile a list of those recipients and send them a message that explains the nature of the mischief, including the misuse of the prior victims, and how to recover from mistakes the recipient might have already made (clicking on attachment or providing password). I congratulate those who ignored the scam and encourage them NOT to reply to me.

4) Since we have fairly recently converted to a single enterprise email system, and have a huge list of old email aliases left over from the transition, I encourage users to go to the interface we provide for alias management and remove old alias addresses that are usually the bulk of the target list of these spammers.

Bob Bayn (435)797-2396 IT Security Team
http://it.usu.edu/security/htm/dont-be-fooled
Office of Information Technology, Utah State University

________________________________
From: The EDUCAUSE Security Constituent Group Listserv [SECURITY () LISTSERV EDUCAUSE EDU] on behalf of Robert Meyers [remeyers () MAIL WVU EDU]
Sent: Thursday, January 26, 2012 9:03 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Phishing E-mail Procedures

I have been tasked with writing guidelines and procedures for an official process on how to handle inbound phishing and/or otherwise malicious e-mail. The bottom line is we will be asking our users to forward all such e-mail to a central account where we will check it for any further action.

Does anyone in the group have a similar process they could share? I'm in favor of continuing to tell users to delete the e-mails and go on about their business, but the task is on my desk.

Thanks
Bob

Robert E. Meyers, Ms.Ed.
Educational Program Manager
Office of Information Security
West Virginia University
office: (304) 293-8502
remeyers () mail wvu edu
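
Steps 2 and 3 of the reply above (search the delivery logs for other recipients, then compile the notification list), as an added example that is not part of the original post or of any USU tooling. It assumes Postfix-style syslog lines and matching on envelope sender, since the post names Ironport but shows no log format; the function names are hypothetical and the sample log is constructed. Postfix's orig_to= field also shows which aliases the message was addressed to, which is the target list step 4 refers to.

```python
import re

# Constructed sample in Postfix syslog style; hosts, queue IDs and addresses are invented.
SAMPLE_LOG = """\
Jan 26 08:01:02 mx1 postfix/qmgr[2101]: 4F1A2B3C: from=<helpdesk@mailer.example.net>, size=4312, nrcpt=3 (queue active)
Jan 26 08:01:03 mx1 postfix/local[2107]: 4F1A2B3C: to=<alice@example.edu>, orig_to=<asmith@oldmail.example.edu>, relay=local, delay=0.4, status=sent (delivered to mailbox)
Jan 26 08:01:03 mx1 postfix/local[2108]: 4F1A2B3C: to=<bob@example.edu>, relay=local, delay=0.4, status=sent (delivered to mailbox)
Jan 26 08:01:04 mx1 postfix/local[2109]: 4F1A2B3C: to=<carol@example.edu>, orig_to=<carol@dept.example.edu>, relay=local, delay=0.5, status=bounced (unknown user)
Jan 26 08:05:10 mx1 postfix/qmgr[2101]: 7D9E0F11: from=<newsletter@example.org>, size=9120, nrcpt=1 (queue active)
Jan 26 08:05:11 mx1 postfix/local[2110]: 7D9E0F11: to=<bob@example.edu>, relay=local, delay=0.2, status=sent (delivered to mailbox)
Jan 26 08:09:30 mx1 postfix/qmgr[2101]: 9A8B7C6D: from=<Helpdesk@mailer.example.net>, size=4298, nrcpt=1 (queue active)
Jan 26 08:09:31 mx1 postfix/local[2111]: 9A8B7C6D: to=<alice@example.edu>, orig_to=<alice.smith@oldmail.example.edu>, relay=local, delay=0.3, status=sent (delivered to mailbox)
"""

QID = r"postfix/\w+\[\d+\]: (?P<qid>[0-9A-F]+): "
FROM_RE = re.compile(QID + r"from=<(?P<sender>[^>]*)>")
TO_RE = re.compile(QID + r"to=<(?P<rcpt>[^>]*)>(?:, orig_to=<(?P<orig>[^>]*)>)?.*?status=(?P<status>\w+)")


def recipients_of(log_text, phish_sender):
    """Map each mailbox that received mail from phish_sender to the aliases it was addressed by."""
    phish_qids, deliveries = set(), []
    for line in log_text.splitlines():
        if m := FROM_RE.search(line):
            if m["sender"].lower() == phish_sender.lower():
                phish_qids.add(m["qid"])
        elif (m := TO_RE.search(line)) and m["status"] == "sent":
            # Bounced or deferred copies never reached a mailbox, so they are skipped.
            deliveries.append((m["qid"], m["rcpt"].lower(), (m["orig"] or "").lower()))
    hits = {}
    # Second pass so a to= line logged before its from= line is still matched.
    for qid, rcpt, orig in deliveries:
        if qid in phish_qids:
            aliases = hits.setdefault(rcpt, set())
            if orig and orig != rcpt:
                aliases.add(orig)
    return hits


def notification_plan(log_text, phish_sender):
    """Return (mailboxes to notify, aliases the phish was addressed to), both sorted."""
    hits = recipients_of(log_text, phish_sender)
    return sorted(hits), sorted(a for s in hits.values() for a in s)


if __name__ == "__main__":
    to_notify, aliases = notification_plan(SAMPLE_LOG, "helpdesk@mailer.example.net")
    print("notify:", to_notify)
    print("aliases seen in target list:", aliases)
```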