Educause Security Discussion mailing list archives
Re: Student phishing, "internship" opportunities, etc.
From: "Scantlin, Aaron J." <ScantlinA () MISSOURI EDU>
Date: Mon, 30 Jul 2018 17:02:50 +0000
We've experienced this from time to time... very rarely do they try and impersonate a University official on such a large scale, but it's not unheard of. In addition to what you've already done, it might also be a good time to remind your users what some best practices for ensuring an e-mail isn't a phish: -Verify that the sending e-mail address is indeed from your organization -To that end, setup SPF and DKIM to help protect your users from spoofing -Legitimate University of Arizona e-mails will not ask you to send PII via unencrypted channels [hopefully! :)] -If something sounds too good to be true, there's a fair chance that it is too good to be true You might not be able to use all of that depending on your campus' political climate, but coupling technical controls with more aggressive awareness seems like a good way to attack this problem. Aaron J. Scantlin Security Analyst, Division of IT GSEC, GCFA University of Missouri, Columbia (W) +1-573-884-7555 (C) +1-573-424-0539 scantlina () missouri edu<mailto:scantlina () missouri edu> From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Banks, Teresa E - (tbanks) Sent: Monday, July 30, 2018 11:56 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Student phishing, "internship" opportunities, etc. Hi everyone, Our students have been getting pummeled with emails offering them "internship opportunities" or "jobs" that appear to be sent from a faculty member, but turn out to be fraudulent (see sample at https://security.arizona.edu/phishing-alert/72618-internship-opportunity). Are other universities experiencing this? If so, what is the approach (beyond posting the phish as an alert) to help students understand that they are targets for fraud? We want to take a strategic approach to helping our students, and thought we would see if the community had any good advice. Thanks in advance, Teresa E. Banks Manager, Information Security Information Security Office The University of Arizona Office: 520.621.8476 Cell: 520.909.6057 Email: tbanks () email arizona edu<mailto:tbanks () email arizona edu> security.arizona.edu [UA-InfoSec-Primary-Email-resized] This email and any attachments thereto may contain private, confidential, and/or privileged material for the sole use of the intended recipient. Any review, copying, or distribution of this email (or any attachments thereto) by others is strictly prohibited. If you are not the intended recipient, please contact the sender immediately and permanently delete the original and any copies of this email and any attachments thereto.
Current thread:
- Student phishing, "internship" opportunities, etc. Banks, Teresa E - (tbanks) (Jul 30)
- Re: Student phishing, "internship" opportunities, etc. Scantlin, Aaron J. (Jul 30)
- Re: Student phishing, "internship" opportunities, etc. John Ruggirello (Jul 30)
- Re: Student phishing, "internship" opportunities, etc. Andrea Tanner (Jul 31)
- Re: Student phishing, "internship" opportunities, etc. Banks, Teresa E - (tbanks) (Jul 31)