Educause Security Discussion mailing list archives
Re: Feedback on threatpost article: University Email Hijacking Attacks Push Phishing, Malware
From: Daniel Johnson <dj () SFSU EDU>
Date: Wed, 4 Nov 2020 01:03:09 +0000
Alex, Jim: I too am unfamiliar with Inky or their methods, but I speculate that they are running something like an email honeypot. Publish a number of legitimate email addresses to publically accessible sites, located in just the right (wrong?) areas of the web, and harvest all the spam and phishing email possible. Over the course of one year, a researcher could amass quite the collection of malicious email, some of it possibly originating from compromised university accounts. Analyzing the collection of messages could reveal some interesting patterns and trends. You would hope Inky would send a courtesy note to affected institutions, but their objectives and motives may be more commercial in nature. Daniel. ---- Daniel Johnson Systems Administrator Academic Technology Email: dj () sfsu edu Web: https://at.sfsu.edu -----Original Message----- From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Alex Keller Sent: Tuesday, November 3, 2020 2:11 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Feedback on threatpost article: University Email Hijacking Attacks Push Phishing, Malware hi Jim et al, Thanks for sending this over. Threatpost article is just a synopsis of the Inky.com marketing report found here: https://www.inky.com/hubfs/2020%20Report%20Hijacked%20University%20Accounts.pdf Very curious how Inky is collecting these emails (to: field is redacted in their screenshots), how they compiled these statistics, and if they bothered to reach out to any of the schools during the course of their research. At first glance I am concerned with the approach. Best, Alex Alex Keller StanfordĀ | Engineering Information Technology axkeller () stanford edu (650)736-6421 -----Original Message----- From: The EDUCAUSE Security Community Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Jim A. Bole Sent: Monday, November 2, 2020 6:40 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Feedback on threatpost article: University Email Hijacking Attacks Push Phishing, Malware I'm not familiar with Inky, the group that did this research: https://threatpost.com/university-email-hijacking-phishing-malwarephishing-malware/160735/ Curious what other think of these findings. I do find that many phishing attacks use email accounts with valid DMARC/SPF, such as hijack google accounts. Jim Bole Director of Information Security Stevenson University 1525 Greenspring Valley Road Stevenson, MD, 21153-0641 jbole () stevenson edu | O: 443-334-2696 ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
Current thread:
- Feedback on threatpost article: University Email Hijacking Attacks Push Phishing, Malware Jim A. Bole (Nov 02)
- Re: Feedback on threatpost article: University Email Hijacking Attacks Push Phishing, Malware Alex Keller (Nov 03)
- Re: Feedback on threatpost article: University Email Hijacking Attacks Push Phishing, Malware Daniel Johnson (Nov 03)
- Re: Feedback on threatpost article: University Email Hijacking Attacks Push Phishing, Malware Alex Keller (Nov 03)