Educause Security Discussion mailing list archives

Re: FYI: Another round of spear Phishing


From: Dean Halter <Dean.Halter () NOTES UDAYTON EDU>
Date: Thu, 19 Jun 2008 13:05:04 -0400

One question is which kind of "phish" to use as a model: 1) the
one that asks for an email password by return email or 2) one
that directs the user to a look-alike website at a clearly bogus
URL.  We've been getting a LOT of the email reply variety lately.

We discussed this as well.  Email potentially travels in the clear and,
depending upon how you plan on "catching" the replies, mail forwarding
might also cause problems.  If we can get the go-ahead, we'd like to send
our own faculty and staff a spoofed, simple email with a URL redirecting
them to a secure website off-campus modeled to look like our
authentication page and, if a user bit (I purposefully leave this vague),
pop up an educational page.

Dean
