Educause Security Discussion mailing list archives

Re: Response to phishing e-mails


From: Thomas Carter <tcarter () AUSTINCOLLEGE EDU>
Date: Wed, 29 Oct 2014 09:28:57 -0500

One more step I've personally taken is to try to contact owners or vendors of the sites serving the phishing attacks. I've 
noticed an increase in hacked WordPress sites that are then used to serve up web forms to gather the information. I try 
to notify the owners of those sites to lock down their site and delete the phishing forms. 

We're a smaller school, so this outgoing spam gets reported to our president's office, the dean of students, etc. They 
are all pushing back on us to "do something about it." We had a big push for phishing education last spring and again 
this fall. It does seem to be sinking in somewhat; the numbers have fallen off dramatically.

I do agree about the school email address. I would love nothing more than to completely do away with it. 10 years ago 
it was a novel thing; now every incoming student already has a Yahoo, Gmail, outlook.com, etc. email address. Most that 
I've talked to see this as a necessary evil for school communications (a large number just set up forwarding rules to 
forward all mail to their outside email). Unfortunately, institutional momentum is a big issue as everyone builds 
processes based on local email accounts for students, so a lot of processes and systems would need to be changed to do 
away with student email addresses. Also, some vendors use .edu email addresses as a verification that a person meets 
the criteria for an educational discount. I don't know how that would be handled.

Thomas Carter
Network and Operations Manager
Austin College 
903-813-2564


-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Brandon Hume
Sent: Tuesday, October 28, 2014 6:25 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Response to phishing e-mails

On 28/10/2014 6:32 PM, Nick Semenkovich wrote:
> Why would students care about a school e-mail they may rarely use, 
> perhaps didn't want, and will likely disappear in a few years? Because 
> it impacts some external spam score metric that's of little importance 
> to them?

The phishing exploitation we've had to deal with has had a fairly large percentage of the spam going out under the 
user's own name. So when I encounter this particular attitude, I remind them that all that wire fraud, the ads for 
drugs, Russian brides, and so on, has been forever immortalized by the Internet.  In their name.  The first thing a 
prospective employer will type into Google.

It comes down to: "Good luck finding a job."
