Educause Security Discussion mailing list archives
Re: Response to phishing e-mails
From: Roger A Safian <r-safian () NORTHWESTERN EDU>
Date: Mon, 27 Oct 2014 18:37:31 +0000
We typically just respond with our auto reply, unless we need specific information. Here's a copy. Thanks for contacting the Northwestern University Information Security team. This reply confirms our receipt of your message and provides information on our team's policies and procedures. We appreciate your personal commitment towards keeping the Northwestern network secure. If you are reporting a suspicious email please note that we are particularly interested in messages trying to obtain credentials for university services. The University does prevent most fraudulent or unsolicited bulk messages from reaching our network, but there will always be some that get through. You can manage these through your personal email client. Help is available by sending a message to consultant () northwestern edu. Do not click on any links or submit personal information in response to any suspicious messages. If you did submit personal information please change your NetID password at once and notify us immediately, otherwise simply delete the message. We will attempt to get the fraudulent site disabled and block access from Northwestern's network. You may not receive any further replies about the status of this incident due to privacy and legal restrictions, but be assured that we investigate and take appropriate action on any and all information sent to this address. If you have any further information to share with us about this incident, please reply to this email to ensure that your correspondence with us is properly tracked. Additional information about spam: "From:" email addresses are easily and commonly forged and are not an appropriate way to determine where a spam message originated. If a spam email's only association to Northwestern University is the presence of northwestern.edu in the email address with no accompanying Northwestern University IP address in the email headers, we have had no part in its origination and can take no mitigating action. With this in mind, we require the full email headers to investigate any spam complaint. Please verify that the email originated on our network by finding the original IP from the email headers and doing a whois lookup on that IP address (more information can be found at whois.arin.net). If you have trouble obtaining the email headers, please follow the below link for instructions on how to do so within many common email applications: <http://oit.nd.edu/email/fullheaders.shtml> If you are reporting a bounce notification for a spam message that you did not send, your email address is likely being forged in spam mails. There is unfortunately nothing we can do to stop those bounces, and we suggest that you filter those messages in your email client until they subside. -- NUIT - Information Security (1 business day response time) Non-Emergency Phone: (847)467-6662 (8:30AM-5:00PM, Mon-Fri ask for Security) Emergency Phone: (847)467-6662 (24/7/365--ask for the On-Call Network Engineer) From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Leland Lyerla Sent: Monday, October 27, 2014 1:24 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Response to phishing e-mails As they become more aware of how to identify phishing e-mails, our faculty and staff let us know via e-mail when they come across one in their in-box. I do not want to discourage their vigilance, but I would appreciate any suggestions on how to manage/respond to these messages. Leland
Current thread:
- Response to phishing e-mails Leland Lyerla (Oct 27)
- Re: Response to phishing e-mails Bob Bayn (Oct 27)
- Re: Response to phishing e-mails Brad Judy (Oct 27)
- Re: Response to phishing e-mails Bob Bayn (Oct 27)
- Re: Response to phishing e-mails Brad Judy (Oct 27)
- Re: Response to phishing e-mails Roger A Safian (Oct 27)
- Re: Response to phishing e-mails Manjak, Martin (Oct 27)
- Re: Response to phishing e-mails Joel Anderson (Oct 27)
- Re: Response to phishing e-mails Garmon, Joel (Oct 27)
- Re: Response to phishing e-mails Thomas Carter (Oct 28)
- Re: Response to phishing e-mails Robert Meyers (Oct 28)
- Re: Response to phishing e-mails Nick Semenkovich (Oct 28)
- Re: Response to phishing e-mails Brandon Hume (Oct 28)
- Re: Response to phishing e-mails Thomas Carter (Oct 29)
- Re: Response to phishing e-mails Nick Semenkovich (Oct 29)
- Re: Response to phishing e-mails Brandon Hume (Oct 29)
- Re: Response to phishing e-mails Joel Anderson (Oct 27)
- Re: Response to phishing e-mails Bob Bayn (Oct 27)