Educause Security Discussion mailing list archives
Re: Response to phishing e-mails
From: Bob Bayn <bob.bayn () USU EDU>
Date: Mon, 27 Oct 2014 19:14:45 +0000
A = phish link
B = sender address
C = subject line
D = approx number of recipients (a minimum estimate, usually)
E = timestamp of entry into the spreadsheet and reporting (not timestamp of the message)
F = contact address for the host of the email message (if not abuse@ and helpdesk@ which I generally try)

If you look down at the bottom of the spreadsheet, you can see that I started out just recording A, B and C.

I report all links to Google as well as to the hosting service (or hacked website, when possible) and to our own Cisco/Ironport mail filtering system.

I keep the messages for "a while" but don't use them much after saving them.

I hope I don't regret putting that spreadsheet out in the public archives for this list!

Bob Bayn SER 301 (435)797-2396
IT Security Team
Office of Information Technology, Utah State University
Do you know the "Skeptical Hover Technique" and how to tell where a web link really goes? See: https://it.usu.edu/computer-security/computer-security-threats/articleID=23737

________________________________
From: The EDUCAUSE Security Constituent Group Listserv [SECURITY () LISTSERV EDUCAUSE EDU] on behalf of Brad Judy [brad.judy () CU EDU]
Sent: Monday, October 27, 2014 1:06 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Response to phishing e-mails

Bob,

I really like your tracking sheet – I do something similar here for our much smaller volume (small population – just administrative staff). I assume Column B is the “From” address and perhaps column F is the “Reply-to” address? Is column D the number of recipients (or maybe number of people who reported it)?

I might borrow a couple of your columns and if I may suggest, I also have columns in mine for the date it was reported to: domain/site owner, Google, Microsoft, PhishTank, Symantec (our AV vendor). I have a column for the filename of a screenshot of the webpage (if appropriate) and keep a folder of those screenshots. I also have a folder of copies of the full raw messages so I preserve headers and such.

Brad Judy
Director of UIS Security
University Information Systems
University of Colorado
1800 Grant Street, Suite 300
Denver, CO 80203
Office: (303) 860-4293
Fax: (303) 860-4302
www.cu.edu

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Bob Bayn
Sent: Monday, October 27, 2014 12:31 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Response to phishing e-mails

Coincidentally, I just gave a presentation at a security conference on what we do (which is to ENCOURAGE those reports). See: https://it.wiki.usu.edu/CreatingPhish-ResistantInternetSkeptics

And also take a look at our log of reported phish messages, over 4000 in the past year, at: https://docs.google.com/spreadsheet/ccc?key=0AlMnxApOMKl_dEhVa3RCRG5uclVZNFZrY3hOSmFpaUE&usp=sharing

Bob Bayn SER 301 (435)797-2396
IT Security Team
Office of Information Technology, Utah State University
Do you know the "Skeptical Hover Technique" and how to tell where a web link really goes? See: https://it.usu.edu/computer-security/computer-security-threats/articleID=23737

________________________________
From: The EDUCAUSE Security Constituent Group Listserv [SECURITY () LISTSERV EDUCAUSE EDU] on behalf of Leland Lyerla [llyerla () UU EDU]
Sent: Monday, October 27, 2014 12:23 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Response to phishing e-mails

As they become more aware of how to identify phishing e-mails, our faculty and staff let us know via e-mail when they come across one in their in-box. I do not want to discourage their vigilance, but I would appreciate any suggestions on how to manage/respond to these messages.

Leland
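
An added example, not part of the thread or any poster's own tooling: one way to fill columns A through F of the tracking sheet described above from a preserved raw message. The sample message, the column keys, the hxxp defanging and the formula-prefix guard are assumptions made for this illustration.

```python
import csv, io, re
from datetime import datetime, timezone
from email import message_from_string, policy
from email.utils import parseaddr

# Constructed sample report, not a real message; all hosts are reserved example domains.
SAMPLE_RAW = """\
From: "IT Help Desk" <helpdesk@mail.example.net>
To: staff@example.edu
Subject: +++ Action required: mailbox almost full
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<p>Quota exceeded. <a href="http://login.example.com/verify?id=1">Re-validate</a></p>
"""

# Hypothetical column keys mirroring the sheet's A-F layout.
COLUMNS = ["A_link", "B_sender", "C_subject", "D_recipients", "E_logged", "F_host_contact"]
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

def safe_cell(value):
    """Sender-controlled text lands in a spreadsheet: keep it from being read as a formula."""
    value = str(value)
    return "'" + value if value[:1] in ("=", "+", "-", "@") else value

def phish_row(raw, recipients, host_contact="", now=None):
    """Build one row with columns A-F as described in the thread."""
    msg = message_from_string(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("html", "plain"))
    links = URL_RE.findall(body.get_content() if body else "")
    logged = now or datetime.now(timezone.utc)
    row = {
        # Defanged (hxxp) so the logged link is not clickable; a choice made here.
        "A_link": re.sub(r"^http", "hxxp", links[0], flags=re.I) if links else "",
        "B_sender": parseaddr(str(msg.get("From", "")))[1],
        "C_subject": str(msg.get("Subject", "")),
        "D_recipients": recipients,  # minimum estimate, entered by hand
        "E_logged": logged.strftime("%Y-%m-%d %H:%M"),  # time of entry, not of the message
        "F_host_contact": host_contact,
    }
    return {k: safe_cell(v) for k, v in row.items()}

def to_csv(rows):
    """Serialise rows in sheet column order, header first."""
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=COLUMNS, lineterminator="\n")
    writer.writeheader()
    writer.writerows(rows)
    return out.getvalue()

if __name__ == "__main__":
    print(to_csv([phish_row(SAMPLE_RAW, 40, "abuse@example.com")]))
```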