Re: Compromised accounts at other institutes

[Ken Connelly <Ken.Connelly () UNI EDU>]

A PGP public key[1] for soc () ren-isac net is available on the REN-ISAC
hompage.  You could use that to encrypt your message to them which
should avoid any potential spam traps.

-ken

[1] http://www.ren-isac.net/0x4DFD37BE.asc

On 4/25/14, 12:02 PM, Frank Barton wrote:
> What I've seen when trying to report using full headers is that the message is often blocked by spam
filters (Occasionally having to release my own message on our outbound
spam filter). The suggestion of using the REN-ISAC SOC that Brad
mentioned a little while ago sounds like a good method. I wonder if they
have a non-email based way to report such things
> Thank you all
>
>
> On Fri, Apr 25, 2014 at 12:32 PM, charlie derr <cderr () simons-rock edu
<mailto:cderr () simons-rock edu>> wrote:
> On 04/25/2014 12:24 PM, Frank Barton wrote:
> > We are seeing a massive increase in the number of spear-phishing
> > attempts being directed at our users. Many of these are coming
> > from compromised accounts at other universities. The couple of
> > folks that we have had fall for these phishing attempts seem to
> > have their accounts used to send further spear-phishing attempts to
> > yet more universities.
>
> > Aside from the obvious account security steps to take when we
> > detect a compromised account on our system, what steps (if any) are
> > others taking when you get messages that are symptomatic of
> > compromised accounts at other universities?
>
> > Thank You
>
> > -- Frank Barton Apple Certified Mac Technician Technology Support
> > Coordinator Husson University
>
> When I become aware of such compromises (and I confess there may be
> traffic coming through our mailserver like this which I'm not
> explicitly aware of), I always pursue it until I'm sure I've gotten
> someone in a technical position (whether helpdesk or IT staff) at the
> school with the compromised account who understands what I'm reporting
> (by sending my full headers).  Sometimes this is possible only using
> email, but if I get bounces from the obvious addresses (postmaster@
> and abuse@), I usually pick up the phone and war dial individual named
> staff from the website of the institution until someone answers and I
> can feel satisfied that my report has made it far enough to be handled
> by a technical person who is capable of remediating.
>
>     ~c
>
>
>
>
> --
> Frank Barton
> Apple Certified Mac Technician
> Technology Support Coordinator
> Husson University

-- 
- Ken
=================================================================
Ken Connelly             Associate Director, Security and Systems
ITS Network Services                  University of Northern Iowa
email: Ken.Connelly () uni edu   p: (319) 273-5850 f: (319) 273-7373

Any request to divulge your UNI password via e-mail is fraudulent!