Educause Security Discussion mailing list archives

Re: Phishing alerts

From: Julie Journitz <Julie.Journitz () POMONA EDU>
Date: Thu, 25 Feb 2016 17:05:11 +0000

Jessica,

Initially, when we saw that a particular phishing ploy was widespread (say the Service Desk received 3 or more alerts 
to it), we would send out a campus wide notification. At one point, the notifications were so many and so frequent, it 
was decided to post alerts to them on the blog listed in the URL below in my signature.  It’s taken on a life of its 
own to some extent and, stylistically, it may not be to everyone’s taste. That blog post goes to our web page and our 
twitter feed. Subscription is optional.

However, if there seems to be a particularly venomous email circulating we will break protocol and broadcast to campus.

Our monthly newsletter from time to time will focus on security plans.

Additionally we have a semi-regular “High Tea at IT” meet and greet at which security is discussed.


____________________________________

Julianne Journitz
Director of Client Services
Information Technology Services
Pomona College
156 East 7th Street
Claremont, California 91711
Phishing Alert blog: http://research.pomona.edu/itsecurity/
@pomonahelp

From: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV 
EDUCAUSE EDU>> on behalf of Jessica Murray <jlmurray () MIT EDU<mailto:jlmurray () MIT EDU>>
Reply-To: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () 
LISTSERV EDUCAUSE EDU>>
Date: Thursday, February 25, 2016 at 8:36 AM
To: "SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>" <SECURITY () LISTSERV EDUCAUSE 
EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>>
Subject: [SECURITY] Phishing alerts


We’re looking into how we can better inform our community about phishing emails. Our strategy so far has been to 
educate users on what to look out for, but we’d like to start alerting users when we get phishing reports. It seems 
some schools send out institution wide alert emails, some post to a website or twitter feed. Any advice or lessons 
learned on the most effective way to alert users?

Thanks,
Jessica

Current thread:

Phishing alerts Jessica Murray (Feb 25)
- Re: Phishing alerts Barton, Robert W. (Feb 25)
- <Possible follow-ups>
- Re: Phishing alerts Julie Journitz (Feb 25)
- Re: Phishing alerts Faust Gorham (Feb 26)