Educause Security Discussion mailing list archives

Re: Response to phishing e-mails


From: "Manjak, Martin" <mmanjak () ALBANY EDU>
Date: Mon, 27 Oct 2014 18:38:29 +0000

Number 1: I try to always thank them.  Depending on the circumstances, I may explain the background. ("This came from a 
compromised account at <some>.edu.") As often as not, we're seeing the phish for the first time because it was 
forwarded to us by another employee. In that case, we look at the link and set up campus blocks to the site.

Even though it can be time-consuming, I always try to respond because it makes them feel like they got it right (they 
properly identified a phishing message), and they're helping to protect the campus by reporting it.

These will come in waves, and not everyone will forward the message every time. In fact, your "regulars" will start to 
develop a sense of commonality as they take the time to examine these messages. The payoff here is that the really 
unusual ones will grab their attention and they will forward those to you, which is exactly what you want.

Although it sounds a bit unseemly, think of it as cultivating a bunch of informers, or a human early warning system.

Marty Manjak
ISO
University at Albany

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Leland 
Lyerla
Sent: Monday, October 27, 2014 2:24 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Response to phishing e-mails

As they become more aware of how to identify phishing e-mails, our faculty and staff let us know via e-mail when they 
come across one in their in-box. I do not want to discourage their vigilance, but I would appreciate any suggestions on 
how to manage/respond to these messages.

Leland
