Educause Security Discussion mailing list archives

Re: Targeted Spearphish attacks impersonating dept heads, directors

From: Joseph Tam <tam () MATH UBC CA>
Date: Mon, 17 Sep 2018 13:01:50 -0700

On Sat, 15 Sep 2018, Bryce Porter wrote:

It appeared in both cases that emails were scraped from public websites
listing departmental contacts.


I liberally sprinkle bait addresses into our public web pages.  Any
attempt to deliver to these addresses will poison future mail deliveries
from the "same" sender ("same" is sometimes hard to figure out if rotating
spoofed or bounce-tag sender addresses are used).

Two benefits: it detects/kills mail that would evade other techniques,
and you get immediate phish samples.

Joseph Tam <tam () math ubc ca>

Current thread:

Targeted Spearphish attacks impersonating dept heads, directors randy (Sep 14)
- Re: Targeted Spearphish attacks impersonating dept heads, directors Bryce Porter (Sep 15)
- <Possible follow-ups>
- Re: Targeted Spearphish attacks impersonating dept heads, directors Joseph Tam (Sep 17)