Educause Security Discussion mailing list archives
Re: [EXTERNAL] Re: [SECURITY] Notifications of external emails
From: Frank Barton <bartonf () HUSSON EDU>
Date: Wed, 8 Feb 2017 11:50:35 -0500
The problem that we're seeing is that one internal person gets phished, and then starts spewing internal emails. I'm going to start another chain, but we are seeing some persistant threads that might help identify compromised accounts. Frank On Wed, Feb 8, 2017 at 11:37 AM, Cecka, Benjamin <BCecka () clark edu> wrote:
Since August we’ve been phished persistently and we also implemented the “[EXTERNAL]” subject prefix on all of our inbound email. We also had some resistance but it hasn’t gotten to the point where we felt the need to reconsider. It took a few days of adjusting as some internal email was being flagged incorrectly and there was objection to flagging student messages and some hosted web applications. All in all there was also positive feedback and the campus seems to have adjusted well to it. Best regards, Ben Cecka Director, Infrastructure & Security Information Technology Clark College (360) 992-2194 *From:* The EDUCAUSE Security Constituent Group Listserv [mailto: SECURITY () LISTSERV EDUCAUSE EDU] *On Behalf Of *Thomas Carter *Sent:* Wednesday, February 8, 2017 7:18 AM *To:* SECURITY () LISTSERV EDUCAUSE EDU *Subject:* [EXTERNAL] Re: [SECURITY] Notifications of external emails This is more to combat the traditional “HR is validating your last paycheck. Click the link and enter your account info” type of phishing. Something procedural will get generally ignored by many departments when sending out emails, so we’re looking for something more automatic. *Thomas Carter* Network & Operations Manager / IT *Austin College* 900 North Grand Avenue Sherman, TX 75090 Phone: 903-813-2564 <(903)%20813-2564> www.austincollege.edu [image: http://www.austincollege.edu/images/AusColl_Logo_Email.gif] *From:* The EDUCAUSE Security Constituent Group Listserv [ mailto:SECURITY () LISTSERV EDUCAUSE EDU <SECURITY () LISTSERV EDUCAUSE EDU>] *On Behalf Of *Napier, Mark E *Sent:* Wednesday, February 8, 2017 9:04 AM *To:* SECURITY () LISTSERV EDUCAUSE EDU *Subject:* Re: [SECURITY] Notifications of external emails What about encouraging or requiring your users to use S/MIME to sign their emails? That would also cover the situation in which a machine on the internal network is engaged in pushing. (In most cases, anyway) -- Mark E. Napier MIS, CIPT Deputy Director of Information Technology / Chief Information Privacy and Security Officer School of Informatics and Computing Indiana University On Feb 8, 2017, at 9:57 AM, Thomas Carter <tcarter () AUSTINCOLLEGE EDU <tcarter () austincollege edu>> wrote: We are trying to combat phishing by making users more aware of emails that come from outside campus vs internal emails. We’ve trialed using a mail rule to modify the subject line and prepend a flag (like “EXTERNAL:” or similar) but users complained it caused confusion (?) and they didn’t like emails to be modified. I suspect a disclaimer added to the body of the message would be either ignored or disliked for the same reasons. Has anyone else done something to somehow flag external emails? What was the feedback? How well does it work? *Thomas Carter* Network & Operations Manager / IT *Austin College* 900 North Grand Avenue Sherman, TX 75090 Phone: 903-813-2564 <(903)%20813-2564> www.austincollege.edu <image001.gif>
-- Frank Barton ACMT IT Systems Administrator Husson University
Current thread:
- Notifications of external emails Thomas Carter (Feb 08)
- Re: Notifications of external emails Napier, Mark E (Feb 08)
- Re: Notifications of external emails Thomas Carter (Feb 08)
- Re: Notifications of external emails Harris, Brent (Feb 08)
- Re: Notifications of external emails Frank Barton (Feb 08)
- Re: Notifications of external emails Thomas Carter (Feb 08)
- Re: Notifications of external emails Valdis Kletnieks (Feb 08)
- Re: Notifications of external emails Thomas Carter (Feb 08)
- Re: [EXTERNAL] Re: [SECURITY] Notifications of external emails Cecka, Benjamin (Feb 08)
- Re: [EXTERNAL] Re: [SECURITY] Notifications of external emails Frank Barton (Feb 08)
- Re: [EXTERNAL] Re: [SECURITY] Notifications of external emails Klein Keane, Justin (Feb 08)
- Re: [EXTERNAL] Re: [SECURITY] Notifications of external emails Alan Amesbury (Feb 08)
- Re: [EXTERNAL] Re: [SECURITY] Notifications of external emails Frank Barton (Feb 08)
- Re: Notifications of external emails Napier, Mark E (Feb 08)
- <Possible follow-ups>
- Re: Notifications of external emails Johnson, Kyle A (Feb 08)