Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Response to phishing e-mails

From: "Garmon, Joel" <garmonjs () WFU EDU>
Date: Mon, 27 Oct 2014 16:51:04 -0400
We respond very similar to the DNS redirect and other technical means.  We
also have an iframe on several of our main web pages such as win.wfu.edu
where we post recent phishing attempts so everyone can go there and check
to see if it is phishing and has it been reported.


Phishing Catch of the Day


Thank you,

Joel Garmon
Director Information Security
Wake Forest University
336-758-2972

On Mon, Oct 27, 2014 at 2:57 PM, Joel Anderson <joela () umn edu> wrote:


We absolutely encourage these reports - we even have a special email "
phishing () umn edu" to receive the messages. This puts them in a special
queue *and* gets a custom reply thanking and telling them how to give
message headers (in case they didnt'). We block email replies, divert DNS
to form pages as well as thanking the informants. In addition, we seed
information into forms to discover where attackers are coming from if
(when!) they are successful. I just put out a SANS paper on this process.

--
--
   ---------------------------------------------------
   joel anderson * joela () umn edu *  @joelpetera
   -->  612-625-7389  --> pager: 612-648-6823
   Security Coordinator
   University Information Security - University of Minnesota
Previous By Date Next
Previous By Thread Next

Current thread: