[38144] in Resnet-Forum
Re: SPAM!!
daemon@ATHENA.MIT.EDU (Deborah Hovey Boutchyard (dhovey))
Tue Apr 2 09:58:31 2013
X-Barracuda-Envelope-From: dhovey@umw.edu
Content-Language: en-US
Content-Type: multipart/alternative; boundary="_000_491AC8CDB784AE45A77170616E8212AA0BABEA1740MSEXCHDBumwlo_"
MIME-Version: 1.0
Message-ID: <491AC8CDB784AE45A77170616E8212AA0BABEA1740@MSEXCH-DB.umw.local>
Date: Tue, 2 Apr 2013 09:57:59 -0400
Reply-To: Resnet Forum <RESNET-L@LISTSERV.ND.EDU>
From: "Deborah Hovey Boutchyard (dhovey)" <dhovey@umw.edu>
To: RESNET-L@LISTSERV.ND.EDU
In-Reply-To: <E9F8CA088AE7B645B6A412B2F7133AAA4A3D7E17@SMCEXMBX01.mikenet.smcvt.edu>
--_000_491AC8CDB784AE45A77170616E8212AA0BABEA1740MSEXCHDBumwlo_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
That's a good thought- we've done user awareness training, but any tool in the arsenal is a good thing! Thanks!
From: Resnet Forum [mailto:RESNET-L@LISTSERV.ND.EDU] On Behalf Of Umansky, Shawn
Sent: Tuesday, April 02, 2013 9:55 AM
To: RESNET-L@LISTSERV.ND.EDU
Subject: Re: SPAM!!
This topic reminded me of something we implemented with our Barracuda spam filter appliances a while back.
A couple of years ago, we saw a spike in the number of phishing messages users reported receiving. These messages frequently posed as our campus IT Helpdesk and phished for user Active Directory credential information. Unfortunately, several users fell prey to this approach. In response, we created a rule that checked for the word "password" on all incoming mail messages. Now, when that word is detected, it adds the following to the subject line of the mail message:
[**Possible SCAM email - Do not give out your password**]
There was an initial spike in Helpdesk calls, many of which were false positives, but that slowed down pretty quickly. However, more importantly, the number of compromised accounts dropped immediately. We found this to be a simple yet effective way of reminding users to use a bit more caution when responding to email requests.
Just thought I'd mention it, since it seemed relevant to the topic.
Shawn
Shawn L. Umansky
Network Engineer
Saint Michael's College
From: Resnet Forum [mailto:RESNET-L@LISTSERV.ND.EDU] On Behalf Of Andy Voelker
Sent: Tuesday, April 02, 2013 9:13 AM
To: RESNET-L@LISTSERV.ND.EDU
Subject: Re: SPAM!!
LOL. Deb your email got marked as SPAM.
I replied to it to show you the text our filter inserts to warn people of phishing attempts (which we saw a huge influx of about 6 months ago), but my reply was undeliverable.... Because it got marked as a reply to SPAM.
Apparently if you announce "SPAM!!" in the title it will flag it every time.
Check out spam *dot* wcu *dot*edu for our page to educate people about phishing attempts.
-- Andy Voelker
Manager of Student Computing in the Technology Commons
WCU Staff Senator, UNC Staff Assembly
Western Carolina University
From: Resnet Forum [mailto:RESNET-L@LISTSERV.ND.EDU] On Behalf Of Deborah Hovey Boutchyard (dhovey)
Sent: Tuesday, April 02, 2013 9:01 AM
To: RESNET-L@LISTSERV.ND.EDU
Subject: SPAM!!
Have any of you seen a marked increase in the amount of SPAM that's getting through to users over the last couple of weeks? Our Barracudas are blocking as many as 9,000 SPAM messages an hour, but a ton of junk is still getting through!
Deb
UMW
___________________________________________________
You are subscribed to the ResNet-L mailing list.
To subscribe, unsubscribe or search the archives, go to http://LISTSERV.ND.EDU/archives/resnet-l.html
___________________________________________________
--_000_491AC8CDB784AE45A77170616E8212AA0BABEA1740MSEXCHDBumwlo_--
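The subject-tagging rule described in the thread, sketched as an added Python example (not code from the thread or from the Barracuda appliance). It decodes each text part before searching, because a quoted-printable soft line break can split the keyword in the raw bytes. Assumptions: a case-insensitive substring match, the hypothetical function names `decoded_text` and `tag_message`, and constructed sample messages.

```python
import email
import re
from email import policy

TAG = "[**Possible SCAM email - Do not give out your password**]"
KEYWORD = re.compile("password", re.IGNORECASE)  # assumption: substring, any case

def decoded_text(msg):
    """Subject plus every text part, after transfer decoding and HTML tag removal."""
    chunks = [str(msg["Subject"] or "")]
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype in ("text/plain", "text/html"):
            text = part.get_content()  # undoes quoted-printable / base64
            if ctype == "text/html":
                text = re.sub(r"<[^>]+>", "", text)  # so pass<b>word</b> still matches
            chunks.append(text)
    return "\n".join(chunks)

def tag_message(raw):
    """Parse raw bytes; prepend TAG to Subject when the keyword appears anywhere."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    subject = str(msg["Subject"] or "")
    # Skip subjects that already carry the tag so reply chains are not tagged twice.
    if TAG not in subject and KEYWORD.search(decoded_text(msg)):
        del msg["Subject"]
        msg["Subject"] = f"{TAG} {subject}".strip()
    return msg

# Constructed sample: the soft line break ("=" at end of line) splits the keyword,
# so a search over the raw bytes would miss it.
SAMPLE_QP = b"""\
From: helpdesk@example.test
To: user@example.test
Subject: Mailbox quota
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Reply with your user name and pass=
word to keep your account active.
"""

# Constructed sample: ordinary mail without the keyword stays untouched.
SAMPLE_CLEAN = b"""\
From: colleague@example.test
Subject: Lunch on Friday

Are you free at noon?
"""

if __name__ == "__main__":
    for raw in (SAMPLE_QP, SAMPLE_CLEAN):
        print(tag_message(raw)["Subject"])
```

Legitimate mail that mentions the keyword is tagged as well, which matches the false positives reported in the thread.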