Re: Compromised accounts at other institutes

[Brad Judy <brad.judy () CU EDU>]

Either notify the other school directly (what I usually do), or pass the information along to the REN-ISAC Security 
Operations Center (soc () ren-isac net<mailto:soc () ren-isac net>) if you’d like a third-party to contact the 
originating institution.  Be sure to include a copy of the full email headers either way.


Brad Judy

Director of UIS Security
University Information Systems
University of Colorado
1800 Grant Street, Suite 300
Denver, CO  80203
Office: (303) 860-4293
Fax: (303) 860-4302
www.cu.edu

[cu-logo_fl]



From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Frank 
Barton
Sent: Friday, April 25, 2014 10:24 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Compromised accounts at other institutes

We are seeing a massive increase in the number of spear-phishing attempts being directed at our users. Many of these 
are coming from compromised accounts at other universities. The couple of folks that we have had fall for these 
phishing attempts seem to have their accounts used to send further spear-phishing attempts to yet more universities.

Aside from the obvious account security steps to take when we detect a compromised account on our system, what steps 
(if any) are others taking when you get messages that are symptomatic of compromised accounts at other universities?

Thank You

--
Frank Barton
Apple Certified Mac Technician
Technology Support Coordinator
Husson University