Educause Security Discussion mailing list archives
Re: Differentiating Between Real and Phishing Emails to Staff and Students
From: David Kovarik <david-kovarik () NORTHWESTERN EDU>
Date: Tue, 13 May 2008 07:52:23 -0500
Tim - I'm not sure there's an easy answer here. - First and foremost is to again emphasize that you are not soliciting any information from your audience. - With the increasing frequency, you may elect to combine multiple examples within a pdf. This helps emphasize your message that you're providing and not soliciting information. - We considered digital signatures but collective opinion is users simply don't confirm the authorization, possibly leading to other issues. - We put up a webpage that includes recent examples and point to that in our e-mail http://www.it.northwestern.edu/security/phishing-examples.html - I'd suggest deleting the bogus URL within your examples to prevent the curious from clicking on the link (I just noticed we neglected to do that in one of examples - my bad!). Hope this helps - Dave Dave Kovarik, ISS/C Northwestern University Office: (847) 467-5930 ________________________________ From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Tim Lane Sent: Tuesday, May 13, 2008 12:05 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Differentiating Between Real and Phishing Emails to Staff and Students Hi All, I regularly send out emails to staff and students advising on phishing scams, general security alerts, password changes etc. As the frequency of targeted phishing scams increase, I continue to get more queries by staff and students questioning if the very emails I send to staff and students are valid or a scam. I would be interested in knowing how other institutions are providing increasing assurance to staff and students that emails from their IT or Security section are valid. Examples might include disclaimers, digital signatures or encryption etc, but if this is an area you have looked at and addressed could you please advise. Thanks, Tim Tim Lane Information Security Manager IT&TS Southern Cross University Ph (02) 6620 3530 Mobile 0418 248 571
Current thread:
- Differentiating Between Real and Phishing Emails to Staff and Students Tim Lane (May 12)
- <Possible follow-ups>
- Re: Differentiating Between Real and Phishing Emails to Staff and Students Joel Rosenblatt (May 13)
- Re: Differentiating Between Real and Phishing Emails to Staff and Students David Kovarik (May 13)
- Re: Differentiating Between Real and Phishing Emails to Staff and Students Kubb, Rick (May 13)
- Re: Differentiating Between Real and Phishing Emails to Staff and Students Bob Bayn (May 13)
- Re: Differentiating Between Real and Phishing Emails to Staff and Students Mike Waller (May 13)
- Re: Differentiating Between Real and Phishing Emails to Staff and Students Sarah Stevens (May 13)
- Re: Differentiating Between Real and Phishing Emails to Staff and Students Ozzie Paez (May 14)