Educause Security Discussion mailing list archives

Re: Recent Phishing Uptick


From: Bob Bayn <bob.bayn () USU EDU>
Date: Thu, 20 Feb 2014 03:03:06 +0000

We use Cisco Ironports to filter our email stream.  I could go into a little bit of detail tomorrow for users of 
similar equipment offline.


Bob Bayn         SER 301         (435)797-2396       IT Security Team
Office of Information Technology,                   Utah State University
    Do you know the "Skeptical Hover Technique" and
    how to tell where a web link really goes?  See:
    https://it.usu.edu/computer-security/computer-security-threats/articleID=23737


________________________________________
From: The EDUCAUSE Security Constituent Group Listserv [SECURITY () LISTSERV EDUCAUSE EDU] on behalf of Gary Warner 
[gar () CIS UAB EDU]
Sent: Wednesday, February 19, 2014 7:55 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Recent Phishing Uptick

Bob,

Your "Modify the spam before delivering" trick is awesome!  Which mailsystem are you using, and can you share a bit 
more about your technique?

Thanks!

----------------------------------------------------------

Gary Warner
Director of Research in Computer Forensics
The University of Alabama at Birmingham
Center for Information Assurance and Joint Forensics Research
205.422.2113
gar () cis uab edu

-----------------------------------------------------------

----- Original Message -----
From: "Bob Bayn" <bob.bayn () USU EDU>
To: SECURITY () LISTSERV EDUCAUSE EDU
Sent: Wednesday, February 19, 2014 8:53:14 PM
Subject: Re: [SECURITY] Recent Phishing Uptick


Speaking of phishing forms on the free hosting sites: we watch for a couple dozen of those hostnames in email messages 
and add this warning at the top of the message before delivering it:



Warning: Do not enter your USU A-Number and password on any web form linked from this email message. This warning has 
been inserted here by Utah State University's IronPort Spam Filter System.
The USU spam filter has detected in the message below a link to a web form hosting service ( link ) that is SOMETIMES 
used by "phishers" to get your email address and password for their use. You must decide if the link might serve some 
other legitimate purpose that is important to you. Thanks for being an Internet Skeptic!

For information about why this warning was added to this message see:
https://it.usu.edu/computer-security/be-an-internet-skeptic/form-services/

==== ORIGINAL MESSAGE BEGINS BELOW THIS LINE ====

and I get a Bcc: of the message and report the link to the hosting site. Some hosts are very prompt (minutes) about 
disabling the form while others can take a day or more.




Bob Bayn SER 301 (435)797-2396 IT Security Team
Office of Information Technology, Utah State University
Do you know the "Skeptical Hover Technique" and
how to tell where a web link really goes? See:
https://it.usu.edu/computer-security/computer-security-threats/articleID=23737
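
The tagging step described in the message above, sketched in Python as an added example; it is not part of the thread and is not USU's IronPort configuration. The watchlist hostnames and the Bcc address are constructed placeholders, and the banner is abridged from the one quoted in the post.

```python
import re
from urllib.parse import urlsplit

# Constructed placeholders: the post does not name the hosts it watches.
WATCHED_HOSTS = ("freeforms.example", "formhost.example")
SECURITY_BCC = "security@university.example"  # hypothetical review mailbox

# Abridged from the warning quoted in the post.
BANNER = (
    "Warning: Do not enter your username and password on any web form "
    "linked from this email message.\n"
    "The spam filter has detected in the message below a link to a web form "
    "hosting service ( {hosts} ) that is SOMETIMES used by \"phishers\".\n\n"
    "==== ORIGINAL MESSAGE BEGINS BELOW THIS LINE ====\n"
)
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)

def watched_hosts_in(text):
    """Return watched hosts linked from text, in watchlist order."""
    linked = set()
    for url in URL_RE.findall(text):
        try:
            linked.add((urlsplit(url).hostname or "").rstrip("."))
        except ValueError:  # malformed URL, e.g. a broken IPv6 literal
            continue
    # Match the watched name or a subdomain of it, never a bare substring.
    return [w for w in WATCHED_HOSTS
            if any(h == w or h.endswith("." + w) for h in linked)]

def tag_message(msg):
    """Prepend the banner to the text/plain body if it links to a watched host.

    msg is an email.message.EmailMessage. Returns (msg, extra_recipients);
    msg is unchanged when nothing matches.
    """
    part = msg.get_body(preferencelist=("plain",))
    if part is None:
        return msg, []
    body = part.get_content()
    hits = watched_hosts_in(body)
    if not hits:
        return msg, []
    part.set_content(BANNER.format(hosts=", ".join(hits)) + body)
    return msg, [SECURITY_BCC]
```

Matching on the parsed hostname rather than on a substring of the body keeps look-alike names such as notfreeforms.example from triggering the banner.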


