Educause Security Discussion mailing list archives

Re: Response to phishing e-mails

From: Joel Anderson <joela () UMN EDU>
Date: Mon, 27 Oct 2014 13:57:46 -0500

We absolutely encourage these reports - we even have a special email "
phishing () umn edu" to receive the messages. This puts them in a special
queue *and* gets a custom reply thanking and telling them how to give
message headers (in case they didnt'). We block email replies, divert DNS
to form pages as well as thanking the informants. In addition, we seed
information into forms to discover where attackers are coming from if
(when!) they are successful. I just put out a SANS paper on this process.

-- 
--
   ---------------------------------------------------
   joel anderson * joela () umn edu *  @joelpetera
   -->  612-625-7389  --> pager: 612-648-6823
   Security Coordinator
   University Information Security - University of Minnesota

Current thread:

Response to phishing e-mails Leland Lyerla (Oct 27)
- Re: Response to phishing e-mails Bob Bayn (Oct 27)
  - Re: Response to phishing e-mails Brad Judy (Oct 27)
    - Re: Response to phishing e-mails Bob Bayn (Oct 27)
- Re: Response to phishing e-mails Roger A Safian (Oct 27)
- Re: Response to phishing e-mails Manjak, Martin (Oct 27)
  - Re: Response to phishing e-mails Joel Anderson (Oct 27)
    - Re: Response to phishing e-mails Garmon, Joel (Oct 27)
    - Re: Response to phishing e-mails Thomas Carter (Oct 28)
    - Re: Response to phishing e-mails Robert Meyers (Oct 28)
    - Re: Response to phishing e-mails Nick Semenkovich (Oct 28)
    - Re: Response to phishing e-mails Brandon Hume (Oct 28)
    - Re: Response to phishing e-mails Thomas Carter (Oct 29)
    - Re: Response to phishing e-mails Nick Semenkovich (Oct 29)
    - Re: Response to phishing e-mails Brandon Hume (Oct 29)
    - Re: Response to phishing e-mails Robert Meyers (Oct 29)
    - Re: Response to phishing e-mails Paul Chauvet (Oct 29)

(Thread continues...)