Educause Security Discussion mailing list archives

Re: FYI: Another round of spear Phishing


From: Jesse Thompson <jesse.thompson () DOIT WISC EDU>
Date: Tue, 1 Jul 2008 14:31:53 -0500

Yes, we have many POP hold-outs, and have no plans to force them onto
IMAP.  SSL is required for all of our supported email protocols (POP,
IMAP and web).  I fail to understand why you are focusing on POP as a
problem.

You should be focusing on any service that does not use SSL/TLS.
Nevertheless, I don't think that this is the reason why account
credentials are being compromised.

Jesse
UW-Madison

STEVE MAGRIBY wrote:
We are still experiencing problems with usernames that have been
compromised.

Although there is not much that can be done when users send their
username and password to a spammer, I am trying to find out if
universities are still allowing users to POP mail and, if so, is it
secure POP?

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Jesse Thompson
Sent: Friday, June 27, 2008 11:03 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] FYI: Another round of spear Phishing

Clyde Hoadley wrote:
We have been targeted by three separate spear phishing attacks in the
past six weeks.  In spite of our efforts to filter incoming email, and to
warn our campus community about these messages and not to respond to
them, we have had at least 2 accounts (that we know about) hijacked and
used to send spam.  Right now our reputation scores are in the toilet.

See this list for discussion and more reports of attacks:
http://catalist.lsoft.com/scripts/wl.exe?SL1=HIED-EMAILADMIN&H=LISTSERV.ND.EDU

We are tracking the reply-to addresses here:
http://code.google.com/p/anti-phishing-email-reply/

The list is useful for detecting users that reply to the phishing.  You
could also potentially use the list for scanning for incoming attacks,
at your own risk.  Please report the reply addresses to the
hied-emailadmin list until we find a better way to collect them.

Yahoo has been very good at shutting down the accounts in response to
complaints.  Microsoft and Google are essentially ignoring the
complaints.

Zack's jest of outsourcing email as a solution to the problem should not
be taken seriously.  Consider what other systems use the same login
credentials.  Sticking your head in the sand and hoping that your
outsourcing vendor will be more effective than you at stopping the
attacks/replies is reckless.

Other techniques that have been useful for us, in addition to what was
already said:
- look for blocked/deferred messages in your outbound mail queues
- look in your users' webmail signatures for suspicious content
- make your anti-spam vendor aware of the incoming attacks and help them
improve detection

Jesse

--
  Jesse Thompson
  Email/IM: jesse.thompson () doit wisc edu
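The first technique in Jesse's list (watch the outbound queue for blocked/deferred mail) as a small script, added here as an example and not code from the thread: it parses constructed `postqueue -p` (mailq) style output, counts deferred messages per local sender, and flags senders over a hypothetical threshold, which is the pattern a hijacked account pumping spam leaves behind.

```python
import re
from collections import defaultdict

# Constructed sample of Postfix `postqueue -p` output (not from the list post).
# A queue ID with no suffix is deferred, '*' is active, '!' is on hold.
SAMPLE_MAILQ = """\
-Queue ID-  --Size-- ----Arrival Time---- -Sender/Recipient-------
0A1B2C3D4E     2310 Tue Jul  1 14:02:11  jdoe@example.edu
(host mx.example.net[192.0.2.10] said: 450 4.7.1 Greylisted, try later)
                                         buyer1@example.net

1F2E3D4C5B     2298 Tue Jul  1 14:02:13  jdoe@example.edu
(host mx.example.org[192.0.2.20] said: 550 5.7.1 Message rejected as spam)
                                         buyer2@example.org

2A3B4C5D6E*    1024 Tue Jul  1 14:03:40  jdoe@example.edu
                                         buyer3@example.com

3C4D5E6F7A     4096 Tue Jul  1 14:05:02  prof@example.edu
(connect to mx.example.com[192.0.2.30]: Connection timed out)
                                         colleague@example.com
"""

QUEUE_RE = re.compile(r"^([0-9A-F]+)([*!]?)\s+\d+\s+.*\s(\S+@\S+)$")
RECIP_RE = re.compile(r"^\s+(\S+@\S+)$")

def parse_mailq(text):
    """Return one dict per queued message: sender, status, reason, rcpts."""
    msgs = []
    for line in text.splitlines():
        m = QUEUE_RE.match(line)
        if m:
            status = {"*": "active", "!": "hold"}.get(m.group(2), "deferred")
            msgs.append({"sender": m.group(3), "status": status, "reason": "", "rcpts": []})
        elif msgs and line.startswith("("):
            msgs[-1]["reason"] = line.strip("() ")      # remote MTA's deferral text
        else:
            r = RECIP_RE.match(line)
            if r and msgs:
                msgs[-1]["rcpts"].append(r.group(1))
    return msgs

def suspicious_senders(text, min_deferred=2):
    """Senders with >= min_deferred deferred messages (threshold is hypothetical),
    with a count of deferrals whose reason looks like a spam rejection."""
    per = defaultdict(lambda: {"deferred": 0, "rejected_as_spam": 0, "rcpts": set()})
    for m in parse_mailq(text):
        s = per[m["sender"]]
        s["rcpts"].update(m["rcpts"])
        if m["status"] == "deferred":
            s["deferred"] += 1
            if " 550 " in m["reason"] or "spam" in m["reason"].lower():
                s["rejected_as_spam"] += 1
    return {k: v for k, v in per.items() if v["deferred"] >= min_deferred}
```

Run against the real queue with `postqueue -p | python3 script.py` style piping after replacing the sample; the flagged senders are the accounts to lock and the users to contact, not proof of compromise on their own.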
