Educause Security Discussion mailing list archives

Protecting from phishing

From: John LaPrad <jrl () SVSU EDU>
Date: Mon, 19 Oct 2009 14:12:58 -0400

We have had multiple users, faculty and students fall for phishing exploits in the past few months. We have an 
education program, we block spam (some still slips through), we wrote custom filters to make sure no one replies to 
phishing emails (they started embedding links to websites instead) and these phishing attempts are still working 
occasionally.
I was wondering if it would be reasonable to front the email servers with a system, like some banks do, where the 
system remembers your IP and whenever you connect from a new IP, you have to take some additional step before getting 
in.
I think that this would stop the phishers.
Is anyone doing something like this, or heard of it?
Maybe I am missing something, and this simply would not work ?
I appreciate any feedback.


John LaPrad
CISSP, CNE, CCNA, CCDA
Manager of Network Services
Saginaw Valley State University
Phone: 989-964-7134
Fax: 989-964-7446

Current thread:

Protecting from phishing John LaPrad (Oct 19)
- <Possible follow-ups>
- Re: Protecting from phishing Joel Rosenblatt (Oct 19)
- Re: Protecting from phishing Paul Kendall (Oct 19)
- Re: Protecting from phishing Flynn, Gerald (Oct 19)
- Re: Protecting from phishing Jesse Thompson (Oct 19)
- Re: Protecting from phishing Leo Song (Oct 20)
- Re: Protecting from phishing Valdis Kletnieks (Oct 20)
- Re: Protecting from phishing Valdis Kletnieks (Oct 20)
- Re: Protecting from phishing John LaPrad (Oct 20)