Educause Security Discussion mailing list archives

Re: Recent Phishing Uptick

From: Derek Diget <derek.diget+educause-security () WMICH EDU>
Date: Thu, 20 Feb 2014 11:47:20 -0500

On Feb 20, 2014 at 11:26 -0500, Paul Chauvet wrote:
=>That is a FANTASTIC idea. There are sites which are often used for 
=>phishing but not exclusively enough that we can block them. Doing that 
=>(via our Ironport of those URLs are detected) is a great idea.
=>
=>We will probably be implementing this here. My sincere thanks for this                                                
            
=>idea!                                                                                                                 
            
                                                                                                                        
            
Beware of dragons.....                                                                                                  
            
                                                                                                                        
            
This may sound like a good idea, but modifying message content (which 
includes Subject:) breaks "signed" messages.  Be it DKIM, S/MIME and/or 
PGP.
                                                                                                                        
            
I am thinking of a DKIM signed message that happens to include a                                                        
            
webs.com link.  Something that wouldn't be unusual to see.                                                              
            
                                                                                                                        
            
                                                                                                                        
            
=>P.S. Would you be willing to share (on-list or off-list) a list of the                                                
            
=>URLs of these hosting services that you use this for?                                                                 
            

There's an app^H^H^H list for that.... See
<http://groups.google.com/group/anti-phishing-email-reply-discuss>    


-- 
***********************************************************************
Derek Diget                            Office of Information Technology
Western Michigan University - Kalamazoo  Michigan  USA - www.wmich.edu/
***********************************************************************

Current thread:

Re: Recent Phishing Uptick, (continued)
- - - Re: Recent Phishing Uptick Gary Warner (Feb 19)
- Re: Recent Phishing Uptick David Curry (Feb 19)
  - Re: Recent Phishing Uptick Shettler, David (Feb 19)
    - Re: Recent Phishing Uptick Bob Bayn (Feb 19)
  - Re: Recent Phishing Uptick Bob Bayn (Feb 19)
    - Re: Recent Phishing Uptick Gary Warner (Feb 19)
    - Re: Recent Phishing Uptick Bob Bayn (Feb 19)
    - Re: Recent Phishing Uptick Brandon Hume (Feb 20)
    - Re: Recent Phishing Uptick Roger A Safian (Feb 20)
    - Re: Recent Phishing Uptick Paul Chauvet (Feb 20)
    - Re: Recent Phishing Uptick Derek Diget (Feb 20)
  - Re: Recent Phishing Uptick Joel L. Rosenblatt (Feb 20)
    - Re: Recent Phishing Uptick David Curry (Feb 20)
    - Re: Recent Phishing Uptick Frank Barton (Feb 20)
    - Re: Recent Phishing Uptick Joel L. Rosenblatt (Feb 20)
    - Re: Recent Phishing Uptick David Curry (Feb 20)
    - Re: Recent Phishing Uptick Ejike, Emechete C. (Feb 20)
    - Re: Recent Phishing Uptick Joel L. Rosenblatt (Feb 20)
    - Re: Recent Phishing Uptick David Curry (Feb 20)
    - Re: Recent Phishing Uptick Joel L. Rosenblatt (Feb 20)
    - Re: Recent Phishing Uptick Frank Barton (Feb 21)

(Thread continues...)