Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Differentiating Between Real and Phishing Emails to Staff and Students

From: Joel Rosenblatt <joel () COLUMBIA EDU>
Date: Tue, 13 May 2008 06:46:40 -0400
When we send out a security education email, we always post a copy of the email on the Security web site - we tell 
people if they want to verify, go to the
security web site (we do not provide a clickable link) and they will see the same information. (we have an Alerts 
section)

Since we started doing that (about 4 years ago), we stopped getting those questions.

My 2 cents.

Joel Rosenblatt

Joel Rosenblatt, Manager Network & Computer Security
Columbia Information Security Office (CISO)
Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033
http://www.columbia.edu/~joel


--On Tuesday, May 13, 2008 3:04 PM +1000 Tim Lane <tlane () SCU EDU AU> wrote:




Hi All,



I regularly send out emails to staff and students advising on phishing scams, general security alerts, password changes 
etc.  As the frequency of targeted
phishing scams increase, I continue to get more queries by staff and students questioning if the very emails I send to 
staff and students are valid or a
scam.



I would be interested in knowing how other institutions are providing increasing assurance to staff and students that 
emails from their IT or Security
section are valid.



Examples might include disclaimers, digital signatures or encryption etc, but if this is an area you have looked at and 
addressed could you please advise.



Thanks,



Tim







Tim Lane

Information Security Manager

IT&TS

Southern Cross University

Ph (02) 6620 3530

Mobile 0418 248 571








Joel Rosenblatt, Manager Network & Computer Security
Columbia Information Security Office (CISO)
Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033
http://www.columbia.edu/~joel
Previous By Date Next
Previous By Thread Next

Current thread: