Educause Security Discussion mailing list archives

Re: Public Facing Faculty listings


From: John McCabe <john.mccabe01 () MANHATTAN EDU>
Date: Mon, 9 Dec 2019 10:04:48 -0500

Hi George,

The solution I've settled on is to quarantine email that arrives from
domains such as @gmail.com where the username matches academic department
heads. Over the past few weeks, the phishing email addresses have changed
their account naming method to use unrelated names. They still use the
academic department heads' names in the email headers though (e.g. "James
Brown" <sarahjohnson832 () gmail com>) and now create rules for that too.

Make sure to create the quarantine rules such that false positives can be
whitelisted. For instance, if quarantining email based on the name appearing
anywhere in the full headers, then make exceptions for
messages-noreply () linkedin com, notification () facebookmail com, etc.

Also, if quarantining based on the name appearing anywhere in the full
headers, then don't forget base64 encoding.

Regards,
John

On Mon, Dec 9, 2019 at 8:33 AM George J. Silowash <gsilowas () norwich edu>
wrote:

We have recently seen an uptick in phishing attacks utilizing faculty
information published on our website. The malicious actors are able to
identify department heads and their subordinates. The malicious actors then
use this information to target a department head’s subordinates utilizing
“legitimate” Gmail accounts posing as the department head to send phishing
emails.

I have proposed removing individual contact information on the website and
using contact forms, a department email account, along with several other
methods to make it more difficult for the bad actors. I have been met with
a great deal of resistance.

Have you seen this problem? What are you doing to mitigate the risk
(beyond training)? Does your website list faculty information? Are faculty
required to have their information posted and/or can they opt out? Does
your site take any steps to make it more difficult or costly (i.e., using
CAPTCHAs to obtain information)? I am looking for options to help balance
leadership’s desire to have public facing directory information with that
of risks to individuals and the institution.

Any thoughts on this would be helpful.

V/R,
George
----------------------------------------------------------------
George J. Silowash, MSIA, CISSP-ISSMP, CCFP, GCFE, GCFA
Chief Information Security Officer
Norwich University
158 Harmon Drive
Northfield VT 05663
http://www.norwich.edu

**********
Replies to EDUCAUSE Community Group emails are sent to the entire
community list. If you want to reply only to the person who sent the
message, copy and paste their email address and forward the email reply.
Additional participation and subscription information can be found at
https://www.educause.edu/community



-- 
*John McCabe *

*Senior Information Security Manager & Data Protection Officer*
*Information Technology Services*
Riverdale, NY 10471
Phone: 718-862-6217
john.mccabe01 () manhattan edu
www.manhattan.edu
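
The quarantine rule described in the reply above, sketched as an added example (not code from the thread or from either institution): it decodes RFC 2047 base64 display names before matching and exempts the two notification senders named in the message. The protected name list, `example.edu`, and the `freemail.example` sender addresses are constructed assumptions.

```python
import re
from email import message_from_string
from email.header import decode_header, make_header
from email.utils import parseaddr

# Constructed values: the protected name and OWN_DOMAIN are hypothetical.
PROTECTED = [{"james", "brown"}]   # one token set per department head
OWN_DOMAIN = "example.edu"         # mail from here is assumed authenticated elsewhere
ALLOWLIST = {"messages-noreply@linkedin.com", "notification@facebookmail.com"}

def decode_words(value):
    """Decode RFC 2047 encoded-words (base64 or quoted-printable) to text."""
    try:
        return str(make_header(decode_header(value)))
    except Exception:
        return value  # undecodable: compare against the raw text instead

def tokens(text):
    return set(re.findall(r"[a-z]+", text.lower()))

def verdict(raw_message):
    """Return 'quarantine' or 'deliver' for one raw message."""
    msg = message_from_string(raw_message)
    # Split first, decode second, so decoded characters cannot alter the address.
    display, addr = parseaddr(str(msg.get("From", "")))
    addr = addr.lower()
    local, _, domain = addr.rpartition("@")
    if addr in ALLOWLIST or domain == OWN_DOMAIN:
        return "deliver"
    name_tokens = tokens(decode_words(display))
    for head in PROTECTED:
        # Match on the display name, or on every name token inside the username.
        if head <= name_tokens or all(t in local for t in head):
            return "quarantine"
    return "deliver"

def sample(from_value):
    """Build a constructed test message with the given From header."""
    return f"From: {from_value}\nSubject: Quick request\n\nAre you available?\n"

if __name__ == "__main__":
    for frm in ('"James Brown" <sarahjohnson832@freemail.example>',
                "=?UTF-8?B?SmFtZXMgQnJvd24=?= <sarahjohnson832@freemail.example>",
                "jamesbrown01@freemail.example",
                '"James Brown via LinkedIn" <messages-noreply@linkedin.com>',
                '"Sarah Johnson" <sarahjohnson832@freemail.example>'):
        print(f"{verdict(sample(frm)):10}  {frm}")
```

The substring check on the username can match unrelated senders, which is why the action is quarantine with review rather than rejection.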
