Educause Security Discussion mailing list archives
Re: Evaluation of Phishing Attempts for Community Notice
From: "Matthew Nappi [Information Security]" <matthew.nappi () STONYBROOK EDU>
Date: Mon, 20 Jul 2020 13:47:26 -0400
Hi Robert: We target actual recipients when we receive a report of a phishing email that made into our mailboxes warning them that they were recipients of the particular attack and encouraging them to let us know to they fell victim. In terms of general campus-wide alerts, we do so based on observed trends. For example, we sent an alert regarding Business Email Compromises on the heels of several reported attempts and we sent a COVID specific alert when we heard of reports in the wild, but before we actually received any incoming reports because we were trying to get ahead of it. In any case, it’s always hard to strike a balance between raising awareness and alert fatigue, so we prefer targeted whenever possible. On Thu, Jul 16, 2020 at 12:03 PM Barton, Robert W. <bartonrt () lewisu edu> wrote:
When considering sending out general alerts for phishing emails, what criteria do you use (if you do...)? Number of users receiving the email? Sophistication of email attack? ‘Whale’ vs small fish targets? Do staff/fac have a higher priority than students? The reason I ask is we started with a straight numbers vs target comparison and now think we should have a more nuanced evaluation of when we send something out. We don't want to flood inboxes with warnings (as the quantity of attacks has ticket upward), but want to send them out when necessary as they are also good reminders to be vigilant. What do you do? Robert W. Barton <https://www.google.com/maps/search/University+Parkway+%0D%0A+%0D%0A+Romeoville,+IL+60446?entry=gmail&source=g> <https://www.google.com/maps/search/University+Parkway+%0D%0A+%0D%0A+Romeoville,+IL+60446?entry=gmail&source=g>Executive Director of Information Security & Policy Lewis University One University Parkway <https://www.google.com/maps/search/University+Parkway+%0D%0A+%0D%0A+Romeoville,+IL+60446?entry=gmail&source=g> Romeoville, IL <https://www.google.com/maps/search/University+Parkway+%0D%0A+%0D%0A+Romeoville,+IL+60446?entry=gmail&source=g> 60446 <https://www.google.com/maps/search/University+Parkway+%0D%0A+%0D%0A+Romeoville,+IL+60446?entry=gmail&source=g> -2200 815-836-5663 ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
-- Matt Nappi, CISSP | CISM | GIAC Chief Information Security Officer Assistant Vice President Stony Brook University 631-632-4856 (24856) | 100 Nicolls Road, 11794 This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by e-mail and destroy all copies of the original. ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
Current thread:
- Evaluation of Phishing Attempts for Community Notice Barton, Robert W. (Jul 16)
- Re: Evaluation of Phishing Attempts for Community Notice Matthew Nappi [Information Security] (Jul 20)