Educause Security Discussion mailing list archives
Re: [EXT]: Re: [SECURITY] [EXTERNAL][SECURITY] Public Facing Faculty listings
From: Michael Young <Michael.Young () RIT EDU>
Date: Mon, 9 Dec 2019 17:16:50 +0000
We’re in the same boat. We saw a definite uptick after our marketing directory went live. Prior to that, I had a short list of ten high profile individuals that were being spoofed. After the directory went live, it spread to any manager on campus. We now have a rule that identifies any email from a short list of sources (@gmail.com, etc.) containing certain specific words or phrase combinations in subject/body/sending address. Actions range from annotation to policy quarantine based on likelihood of false positive match.

Michael Young
Sr. Infrastructure Engineer
Rochester Institute of Technology
o: (585) 475-6031 | Michael.Young () rit edu

From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Barton, Robert W.
Sent: Monday, December 9, 2019 10:36 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] [EXT]: Re: [SECURITY] [EXTERNAL][SECURITY] Public Facing Faculty listings

For those that have two locations for email (for example, fac/staff on O365 & students on Google), what do you do? We’ve tried a few things and been limited in options.

As a side note, our DNS sink has stopped those that send URLs. Direct requests still happen all the time.

Robert W. Barton
Executive Director of Information Security and Policy
Lewis University
One University Parkway
Romeoville, IL 60446-2200
815-836-5663

From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Howard, Christopher
Sent: Monday, December 9, 2019 9:28 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] [EXT]: Re: [SECURITY] [EXTERNAL][SECURITY] Public Facing Faculty listings

Something I mentioned to our web people before was perhaps they could put a conditional into the code that if the user was visiting from a campus IP address, show the email/phone info, but otherwise don't.
They still haven't done that so our info is out there, too. I wish they would do something like this as the phishing attempts are getting worse.

-Christopher

On Mon, 2019-12-09 at 15:14 +0000, Gregg, Christopher S. wrote:

We’re in a similar boat. Faculty information on departmental pages is seen as part of the marketing for the university. That is a good point though that perhaps e-mail addresses could be omitted and still accomplish the same goals.

We’re using some of the built-in anti-impersonation rules within Office365 as well as custom rules to block certain patterns we are seeing. That has reduced the number of “Are you there?” scams, or at least the ones we need to deal with. User awareness is getting out there compared to a year ago so the scams that get through are more of an annoyance than a threat at this point. Finding some wood to knock on right now…

Chris

Chris Gregg
Associate Vice President of Information Security & Risk Management, CISO
Innovation & Technology Services (ITS)
csgregg () stthomas edu
p 1 (651) 962-6265
University of St. Thomas | stthomas.edu <https://www.stthomas.edu/>

From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Stromer, Wade
Sent: Monday, December 9, 2019 9:09 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] [EXTERNAL][SECURITY] Public Facing Faculty listings

We are in the same boat as you, George. From what I've heard, it's an uphill battle that we've been fighting for quite some years now. We have seen a pretty significant increase of impersonation email attacks in the last year or so and I blame it on having too much of our employee information out there on our public website also. It's very easy to find out what department, what title, and who their supervisor is and their email address.
These attacks are the typical "Are you on campus?" or "Are you available?" and the goal is to get the tricked employee to send pictures of gift cards to the perpetrator. The 'supervisor' is always in a meeting and can't talk on the phone and they need it done 'ASAP as possible' 🙂

We have some email securities in place that catch impersonation email attacks and those securities are helping us thwart some of these particular attacks. Removing our employee/staff/faculty information from the public eyes is not an option but 'scrubbing' the information should be an option. We know we can't stop end users from publishing their credentials/positions/titles to the public - this is where end user training becomes critical and pertinent.

Hopefully some others have been in this situation and can shed some light on what they have done to overcome the sharing of too much user info on their institution's public sites.

-Wade

________________________________
From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of George J. Silowash <gsilowas () NORWICH EDU>
Sent: Monday, December 9, 2019 6:33 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [EXTERNAL][SECURITY] Public Facing Faculty listings

We have recently seen an uptick in phishing attacks utilizing faculty information published on our website. The malicious actors are able to identify department heads and their subordinates.
The malicious actors then use this information to target a department head’s subordinates utilizing “legitimate” Gmail accounts posing as the department head to send phishing emails.

I have proposed removing individual contact information on the website and using contact forms, a department email account, along with several other methods to make it more difficult for the bad actors. I have been met with a great deal of resistance.

Have you seen this problem?
What are you doing to mitigate the risk (beyond training)?
Does your website list faculty information?
Are faculty required to have their information posted and/or can they opt out?
Does your site take any steps to make it more difficult or costly (i.e., using CAPTCHAs to obtain information)?

I am looking for options to help balance leadership’s desire to have public facing directory information with that of risks to individuals and the institution.

Any thoughts on this would be helpful.

V/R,
George

----------------------------------------------------------------
George J. Silowash, MSIA, CISSP-ISSMP, CCFP, GCFE, GCFA
Chief Information Security Officer
Norwich University
158 Harmon Drive
Northfield VT 05663
http://www.norwich.edu

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
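The kind of mail rule described at the top of this message (a short list of free-mail sources, phrase matches in subject/body/sending address, and an action scaled to the false-positive risk), as an added Python example. It is not RIT's rule or any poster's code; the domain list, phrases, weights, thresholds, the display-name check and the sample messages are all assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# All lists, weights and thresholds below are assumptions for illustration;
# the thread does not publish the real sources or phrases.
FREEMAIL = {"gmail.com", "outlook.com", "yahoo.com"}
PHRASES = [
    (re.compile(r"\bare you (on campus|available|there)\b", re.I), 2),
    (re.compile(r"\bgift ?cards?\b", re.I), 3),
    (re.compile(r"\b(in a meeting|can'?t talk)\b", re.I), 1),
    (re.compile(r"\b(asap|urgent)\b", re.I), 1),
]
# Constructed names standing in for managers listed in a public directory.
PROTECTED_NAMES = {"pat example", "dana sample"}

def body_text(msg):
    """Concatenate the text/plain parts of a parsed message."""
    parts = msg.walk() if msg.is_multipart() else [msg]
    return " ".join(
        p.get_payload(decode=True).decode("utf-8", errors="replace")
        for p in parts if p.get_content_type() == "text/plain"
    )

def classify(raw):
    """Return 'deliver', 'annotate' or 'quarantine' for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    if addr.rpartition("@")[2].lower() not in FREEMAIL:
        return "deliver"  # rule only applies to the short list of sources
    # Match phrases in subject, body and the sending address itself.
    text = " ".join([msg.get("Subject", ""), body_text(msg), addr])
    score = sum(weight for rx, weight in PHRASES if rx.search(text))
    if " ".join(display.lower().split()) in PROTECTED_NAMES:
        score += 2  # free-mail sender using a staff member's display name
    if score >= 4:
        return "quarantine"  # strong match, low false-positive risk
    if score >= 2:
        return "annotate"    # weak match: tag the message, still deliver
    return "deliver"

# Constructed sample messages.
SPOOF = ('From: "Pat Example" <dept.head.office@gmail.com>\n'
         "Subject: Are you available?\n\n"
         "I am in a meeting and can't talk. Need a quick favor.\n")
FRIEND = ('From: "Jordan Friend" <jordan.friend@gmail.com>\n'
          "Subject: Are you on campus today?\n\nWant to grab lunch?\n")
INTERNAL = ('From: "Pat Example" <pat.example@university.example>\n'
            "Subject: Gift cards for the raffle\n\nPlease pick them up.\n")
```

The weak-match tier is what keeps a benign "Are you on campus today?" from a personal Gmail account out of quarantine while still flagging it to the recipient.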
Current thread:
- Public Facing Faculty listings George J. Silowash (Dec 09)
- Re: Public Facing Faculty listings John McCabe (Dec 09)
- Re: [EXTERNAL][SECURITY] Public Facing Faculty listings Stromer, Wade (Dec 09)
- Re: [EXTERNAL][SECURITY] Public Facing Faculty listings Gregg, Christopher S. (Dec 09)
- Re: [EXTERNAL][SECURITY] Public Facing Faculty listings Scantlin, Aaron J. (Dec 09)
- Re: [EXT]: Re: [SECURITY] [EXTERNAL][SECURITY] Public Facing Faculty listings Howard, Christopher (Dec 09)
- Re: [EXT]: Re: [SECURITY] [EXTERNAL][SECURITY] Public Facing Faculty listings Barton, Robert W. (Dec 09)
- Re: [EXT]: Re: [SECURITY] [EXTERNAL][SECURITY] Public Facing Faculty listings Michael Young (Dec 09)
- Re: [EXT]: Re: [SECURITY] [EXTERNAL][SECURITY] Public Facing Faculty listings Beth Albertson (Dec 09)
- Re: [EXT]: Re: [SECURITY] [EXTERNAL][SECURITY] Public Facing Faculty listings Jamie Schademan (Dec 09)
- Re: [EXT]: Re: [SECURITY] [EXTERNAL][SECURITY] Public Facing Faculty listings Scott Norton (Dec 09)
- Re: [EXT]: Re: [SECURITY] [EXTERNAL][SECURITY] Public Facing Faculty listings Beth Albertson (Dec 09)
- Re: [EXTERNAL][SECURITY] Public Facing Faculty listings Gregg, Christopher S. (Dec 09)
- <Possible follow-ups>
- Re: Public Facing Faculty listings Benjamin Schwartz (Dec 09)