Educause Security Discussion mailing list archives

Re: Phishing E-mail Procedures


From: Bob Bayn <bob.bayn () USU EDU>
Date: Thu, 26 Jan 2012 16:22:56 +0000

I have a sort of self-imposed process for handling phishing that goes like this:

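1) Part of our Internet Skeptic campaign includes encouraging people to forward recently received phish and other 
dangerous-looking messages to phish () usu edu.  They are also encouraged to forward all unblocked spam to our spam () 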
usu edu address for automated reporting to Ironport, our spam firewall vendor.

2) I investigate, including checking our email delivery logs for other recipients.

3) I compile a list of those recipients and send them a message that explains the nature of the mischief including the 
misuse of the prior victims, and how to recover from mistakes the recipient might have already made (clicking on 
an attachment or providing a password).  I congratulate those who ignored the scam and encourage them NOT to reply to me.

4) Since we have fairly recently converted to a single enterprise email system, and have a huge list of old email 
aliases left over from the transition, I encourage users to go to the interface we provide for alias management and 
remove old alias addresses that are usually the bulk of the target list of these spammers.


Bob Bayn          (435)797-2396            IT Security Team
       http://it.usu.edu/security/htm/dont-be-fooled
Office of Information Technology, Utah State University


________________________________
From: The EDUCAUSE Security Constituent Group Listserv [SECURITY () LISTSERV EDUCAUSE EDU] on behalf of Robert Meyers 
[remeyers () MAIL WVU EDU]
Sent: Thursday, January 26, 2012 9:03 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Phishing E-mail Procedures

I have been tasked with writing guidelines and procedures for an official process on how to handle inbound phishing 
and/or otherwise malicious e-mail. The bottom line is we will be asking our users to forward all such e-mail to a 
central account where we will check it for any further action.   Does anyone in the group have a similar process they 
could share? I'm in favor of continuing to tell users to delete the e-mails and go on about their business, but the 
task is on my desk.

Thanks

Bob



Robert E. Meyers,  Ms.Ed.
Educational Program Manager
  Office of Information Security
West Virginia University
office: (304) 293-8502
remeyers () mail wvu edu
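
Steps 2 and 3 of the reply above (search the delivery logs for everyone else who received a reported phish, then build the notification list) can be sketched as follows. This is an added example, not code from either poster; the log format, addresses and function names are constructed assumptions, and real delivery logs differ by product.

```python
import re
from collections import defaultdict

# Constructed sample log (not from the thread): one event per line, and the
# sender, recipients and subject of a message are tied together by its MID.
SAMPLE_LOG = """\
2012-01-26T08:01:02 MID 1001 From: <helpdesk@mail.example.net>
2012-01-26T08:01:02 MID 1001 To: <alice@campus.example>
2012-01-26T08:01:02 MID 1001 To: <old.alias@campus.example>
2012-01-26T08:01:03 MID 1001 Subject: Your mailbox is over quota
2012-01-26T08:02:10 MID 1002 From: <registrar@campus.example>
2012-01-26T08:02:10 MID 1002 To: <bob@campus.example>
2012-01-26T08:02:11 MID 1002 Subject: Spring schedule
2012-01-26T08:05:44 MID 1003 From: <HelpDesk@mail.example.net>
2012-01-26T08:05:44 MID 1003 To: <Carol@campus.example>
2012-01-26T08:05:44 MID 1003 To: <alice@campus.example>
2012-01-26T08:05:45 MID 1003 Subject: RE: your mailbox is OVER quota
"""

EVENT = re.compile(r"^\S+ MID (\d+) (From|To|Subject): (.*)$")

def parse_messages(log_text):
    """Group the per-event lines into one record per message ID."""
    messages = defaultdict(lambda: {"from": "", "to": set(), "subject": ""})
    for line in log_text.splitlines():
        m = EVENT.match(line.strip())
        if not m:
            continue  # skip lines that are not From/To/Subject events
        mid, field, value = m.groups()
        value = value.strip()
        if field == "To":
            messages[mid]["to"].add(value.strip("<>").lower())
        elif field == "From":
            messages[mid]["from"] = value.strip("<>").lower()
        else:
            messages[mid]["subject"] = value
    return messages

def find_recipients(log_text, sender, subject_fragment, reporter=None):
    """Addresses that were sent a message matching the reported phish."""
    hits = set()
    for msg in parse_messages(log_text).values():
        if msg["from"] == sender.lower() and subject_fragment.lower() in msg["subject"].lower():
            hits |= msg["to"]
    if reporter:
        hits.discard(reporter.lower())  # the reporter already knows
    return sorted(hits)

if __name__ == "__main__":
    print(find_recipients(SAMPLE_LOG, "helpdesk@mail.example.net",
                          "over quota", reporter="alice@campus.example"))
```

Matching is case-insensitive on sender and subject fragment, so a resend with a changed subject prefix or address capitalisation still lands in the same notification list.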


