Educause Security Discussion mailing list archives
Re: Public Facing Faculty listings
From: John McCabe <john.mccabe01 () MANHATTAN EDU>
Date: Mon, 9 Dec 2019 10:04:48 -0500
Hi George, The solution I've settled on is to quarantine email that arrives from domains such as @gmail.com where the username matches academic department heads. Over the past few weeks, the phishing email addresses have changed their account naming method to use unrelated names. They still use the academic department heads' names in the email headers though (e.g. "James Brown" <sarahjohnson832 () gmail com>) and now create rules for that too. Make sure to create the quarantine rules such that false positives can be whitelisted. For instance if quarantining email based on the name appearing anywhere in the full headers then, make exceptions for messages-noreply () linkedin com, notification () facebookmail com, etc. Also if quarantining based on the name appearing anywhere in the full headers then, don't forget base64 encoding. Regards, John On Mon, Dec 9, 2019 at 8:33 AM George J. Silowash <gsilowas () norwich edu> wrote:
We have recently seen an uptick in phishing attacks utilizing faculty information published on our website. The malicious actors are able to identify department heads and their subordinates. The malicious actors then use this information to target a department head’s subordinates utilizing “legitimate” Gmail accounts posing as the department head to send phishing emails. I have proposed removing individual contact information on the website and use contact forms, a department email account, along with several other methods to make it more difficult for the bad actors. I have been met with a great deal of resistance. Have you seen this problem? What are you doing to mitigate the risk (beyond training)? Does your website list faculty information? Are faulty required to have their information posted and/or can they opt out? Does your site take any steps to make it more difficult or costly (ie using CAPTCHAs to obtain information)? I am looking for options to help balance leadership’s desire to have public facing directory information with that of risks to individuals and the institution. Any thoughts on this would be helpful. V/R, George ---------------------------------------------------------------- George J. Silowash, MSIA, CISSP-ISSMP, CCFP, GCFE, GCFA Chief Information Security Officer Norwich University 158 Harmon Drive Northfield VT 05663 http://www.norwich.edu ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
-- *John McCabe * *Senior Information Security Manager & Data Protection OfficerInformation Technology Services* [image: Manhattan College Logo/Shield] Riverdale, NY 10471 Phone: 718-862-6217 john.mccabe01 () manhattan edu www.manhattan.edu ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
Current thread:
- Public Facing Faculty listings George J. Silowash (Dec 09)
- Re: Public Facing Faculty listings John McCabe (Dec 09)
- Re: [EXTERNAL][SECURITY] Public Facing Faculty listings Stromer, Wade (Dec 09)
- Re: [EXTERNAL][SECURITY] Public Facing Faculty listings Gregg, Christopher S. (Dec 09)
- Re: [EXTERNAL][SECURITY] Public Facing Faculty listings Scantlin, Aaron J. (Dec 09)
- Re: [EXT]: Re: [SECURITY] [EXTERNAL][SECURITY] Public Facing Faculty listings Howard, Christopher (Dec 09)
- Re: [EXT]: Re: [SECURITY] [EXTERNAL][SECURITY] Public Facing Faculty listings Barton, Robert W. (Dec 09)
- Re: [EXT]: Re: [SECURITY] [EXTERNAL][SECURITY] Public Facing Faculty listings Michael Young (Dec 09)
- Re: [EXT]: Re: [SECURITY] [EXTERNAL][SECURITY] Public Facing Faculty listings Beth Albertson (Dec 09)
- Re: [EXT]: Re: [SECURITY] [EXTERNAL][SECURITY] Public Facing Faculty listings Jamie Schademan (Dec 09)
- Re: [EXT]: Re: [SECURITY] [EXTERNAL][SECURITY] Public Facing Faculty listings Scott Norton (Dec 09)
- Re: [EXT]: Re: [SECURITY] [EXTERNAL][SECURITY] Public Facing Faculty listings Beth Albertson (Dec 09)
- Re: [EXTERNAL][SECURITY] Public Facing Faculty listings Gregg, Christopher S. (Dec 09)