Re: Notifying organizations when you receive phishing e-mails from them

["Jacobson, Dick" <dick.jacobson () NDUS EDU>]

If the notice comes to me (or is given to me), I will takes these steps also.  I appreciate it when others tell me of a 
compromised machine before it escalates too far.

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Roger A 
Safian
Sent: Friday, January 25, 2013 10:33 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Notifying organizations when you receive phishing e-mails from them

I usually try abuse@ if the site sending the phishing seems like they might take some action.  I also look at ARIN and 
get the security contact if need be.

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Tonkin, 
Derek K
Sent: Friday, January 25, 2013 10:16 AM
To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>
Subject: [SECURITY] Notifying organizations when you receive phishing e-mails from them

Does anyone try to reach out to the IT departments of organizations you receive phishing e-mails from?  We received 
some today that is coming from an @nih.gov account and I was trying to determine how I could notify them.  I got to 
thinking that it might be a worthwhile to build a page on our website where we could allow outside organizations to 
report spam/phishing messages from accounts on our domain.  Has anyone else done this or even considered it?

Thanks!
___________________________________________________________
DEREK TONKIN
Information Security Analyst
ITS - Networking Systems
DPKG Suite 117.3
(254) 710-7061
Derek_Tonkin () Baylor edu<mailto:Derek_Tonkin () Baylor edu>

External Mailing Address
One Bear Place #97268
Waco, TX 76798-7268
[Description: bearawarefinal]