Educause Security Discussion mailing list archives

Re: Phishing E-mail Procedures


From: Pete Hickey <pete () SHADOWS UOTTAWA CA>
Date: Thu, 26 Jan 2012 11:18:08 -0500

On Thu, Jan 26, 2012 at 11:03:21AM -0500, Robert Meyers wrote:
I have been tasked with writing guidelines and procedures for an official process on how to handle inbound phishing 
and/or otherwise malicious e-mail. The bottom line is we will be asking our users to forward all such e-mail to a 
central account where we will check it for any further action. Does anyone in the group have a similar process they 
could share? I'm in favor of continuing to tell users to delete the e-mails and go on about their business, but the 
task is on my desk.

We have it forwarded to a special address, where our helpdesk people look at it, check, etc.

If it's a web page, we redirect that URL to our anti-phishing web page, and if it's
simply a phish telling them to reply to the email, all mail sent to that address is
forwarded to an autoresponder which tells them that they have been a victim of a phishing
attempt, and invites them to visit our anti-phishing web page.

We do not do this for ALL phishing attempts.  The main ones we worry about are those
attempting to steal email accounts.



-- 
Pete Hickey                         
The University of Ottawa            "Everyone knows someone 
Ottawa, Ontario                      who knows someone else"
Canada                            

