Educause Security Discussion mailing list archives
Re: Compromised accounts at other institutes
From: Ken Connelly <Ken.Connelly () UNI EDU>
Date: Fri, 25 Apr 2014 12:10:21 -0500
A PGP public key[1] for soc () ren-isac net is available on the REN-ISAC homepage. You could use that to encrypt your message to them, which should avoid any potential spam traps.

-ken

[1] http://www.ren-isac.net/0x4DFD37BE.asc

On 4/25/14, 12:02 PM, Frank Barton wrote:
> What I've seen when trying to report using full headers is that the message is often blocked by spam filters (Occasionally having to release my own message on our outbound spam filter). The suggestion of using the REN-ISAC SOC that Brad mentioned a little while ago sounds like a good method. I wonder if they have a non-email based way to report such things.
>
> Thank you all
>
> On Fri, Apr 25, 2014 at 12:32 PM, charlie derr <cderr () simons-rock edu> wrote:
>
>> On 04/25/2014 12:24 PM, Frank Barton wrote:
>>
>>> We are seeing a massive increase in the number of spear-phishing attempts being directed at our users. Many of these are coming from compromised accounts at other universities. The couple of folks that we have had fall for these phishing attempts seem to have their accounts used to send further spear-phishing attempts to yet more universities.
>>>
>>> Aside from the obvious account security steps to take when we detect a compromised account on our system, what steps (if any) are others taking when you get messages that are symptomatic of compromised accounts at other universities?
>>>
>>> Thank You
>>>
>>> --
>>> Frank Barton
>>> Apple Certified Mac Technician
>>> Technology Support Coordinator
>>> Husson University
>>
>> When I become aware of such compromises (and I confess there may be traffic coming through our mailserver like this which I'm not explicitly aware of), I always pursue it until I'm sure I've gotten someone in a technical position (whether helpdesk or IT staff) at the school with the compromised account who understands what I'm reporting (by sending my full headers). Sometimes this is possible only using email, but if I get bounces from the obvious addresses (postmaster@ and abuse@), I usually pick up the phone and war dial individual named staff from the website of the institution until someone answers and I can feel satisfied that my report has made it far enough to be handled by a technical person who is capable of remediating.
>>
>> ~c
>
> --
> Frank Barton
> Apple Certified Mac Technician
> Technology Support Coordinator
> Husson University

--
- Ken
=================================================================
Ken Connelly
Associate Director, Security and Systems
ITS Network Services
University of Northern Iowa
email: Ken.Connelly () uni edu
p: (319) 273-5850 f: (319) 273-7373
Any request to divulge your UNI password via e-mail is fraudulent!