Re: How do you block spoofed communications from HR, Payroll, the President...?

[Laura Raderman <lraderman () CMU EDU>]

We try to educate all official communication channels to include a “to verify the authenticity of this message go to 
<URL>” where URL is on the www.cmu.edu domain.  An exact copy of the message should be posted to match with what was 
sent out.  It doesn’t stop the fake ones, but it helps users know which are “real”.   Unfortunately, there are enough 
groups that send out mass e-mails that there is no one specific place a user can go to to check validity.


Laura Raderman
ISO Policy & Compliance Coordinator
Carnegie Mellon University
lraderman () cmu edu

> On Oct 24, 2018, at 8:54 AM, John R. LaPrad <jrl () SVSU EDU> wrote:
>
> Hello Colleagues, I am wondering what other universities are doing to block emails to users that have spoofed 
> official people or offices on campus. Emails claiming to be from HR or Payroll, or the President.  Do you have a way 
> to 'guarantee' official communications so that end users can easily distinguish between the real and the fake?
> We have an Office 365 email environment and also have many third party organizations that send mail, for our, as our, 
> domain. 
> Any all thoughts are welcome
>
> Thank you for your time
>
> John LaPrad - CISSP, CIHE, GIAC/GMON
> Information Systems Security Manager
> Saginaw Valley State University
> 7400 Bay Rd. University Center, MI
> Phone: 989-964-7134
> jrl () svsu edu