Educause Security Discussion mailing list archives

Re: Recent Phishing Uptick


From: Frank Barton <bartonf () HUSSON EDU>
Date: Fri, 21 Feb 2014 09:32:15 -0500

Thank you for the link/steps, David. I was able to get in, and by using it
found out that one of our users' accounts that had its password compromised
was logged into from both Nigeria and India.

I saw that some of these logins were flagged as suspicious (I wish I knew
more about Google's definition of suspicious), but I got to thinking that it
would be relatively simple to write up something that checks using the API
on a regular basis, and checks unknown IP addresses against a geolocation
service (and that caches this geolocation data to save on future lookups).

Before I start writing code, does anybody know if such a system already
exists?
What geolocation services have people used that they are happy with?

I'm thinking that we could flag logins from "known bad actors/countries"
and also use this as a way to retroactively look at an account that we
suspect of being compromised.

Thoughts?


-- 
Frank Barton
Apple Certified Mac Technician
Technology Support Coordinator
Husson University
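
The check proposed in this message, sketched as an added example (not code from the poster, the list, or Google): login events are resolved to a country through a caching lookup, flagged against a site-chosen watchlist, and summarized per account for retroactive review. The login records, the geolocation table, and the names `CachedGeoLookup`, `flag_logins` and `countries_by_user` are constructed for illustration; a real version would pull events from the login audit API and call an actual geolocation service as the backend.

```python
from collections import defaultdict

# Constructed login events (documentation IP ranges), standing in for
# records pulled from the login audit API on a schedule.
SAMPLE_LOGINS = [
    {"user": "alice", "ip": "192.0.2.10"},
    {"user": "alice", "ip": "192.0.2.10"},
    {"user": "bob", "ip": "198.51.100.7"},
    {"user": "bob", "ip": "203.0.113.5"},
    {"user": "bob", "ip": "192.0.2.10"},
    {"user": "carol", "ip": "203.0.113.99"},
]
# Constructed table standing in for a real geolocation service.
FAKE_GEO_DB = {"192.0.2.10": "US", "198.51.100.7": "NG", "203.0.113.5": "IN"}


class CachedGeoLookup:
    """Wraps a geolocation backend so each IP is looked up only once."""

    def __init__(self, backend):
        self.backend = backend      # callable: ip -> country code or None
        self.cache = {}
        self.backend_calls = 0

    def country(self, ip):
        if ip not in self.cache:    # misses (None) are cached as well
            self.backend_calls += 1
            self.cache[ip] = self.backend(ip)
        return self.cache[ip]


def flag_logins(logins, geo, watchlist):
    """Return events from watchlisted countries or unresolvable IPs."""
    flagged = []
    for event in logins:
        cc = geo.country(event["ip"])
        if cc is None or cc in watchlist:
            reason = "unresolved" if cc is None else "watchlist"
            flagged.append({**event, "country": cc, "reason": reason})
    return flagged


def countries_by_user(logins, geo):
    """Retroactive view: every country each account has logged in from."""
    seen = defaultdict(set)
    for event in logins:
        seen[event["user"]].add(geo.country(event["ip"]) or "??")
    return dict(seen)
```

Unresolvable addresses are flagged rather than silently skipped, so a gap in the geolocation data does not hide a login from review.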
