[41451] in Resnet-Forum
Re: Email Scam Problems
daemon@ATHENA.MIT.EDU (Koerber, Jeff)
Thu Nov 3 21:24:20 2016
Message-ID: <921419E2-1185-4808-A3AC-C5FF203D05E4@towson.edu>
Date: Fri, 4 Nov 2016 00:41:28 +0000
Reply-To: Resnet Forum <RESNET-L@listserv.nd.edu>
From: "Koerber, Jeff" <jkoerber@TOWSON.EDU>
To: RESNET-L@listserv.nd.edu
In-Reply-To: <CAJ0zta+3DFVY9dCt=UNhf=OfnJ0+UZeP5O=ym7eBb4i=TAGiLg@mail.gmail.com>
I like the idea of Phishing our clients, but others seem to think people would take offense to it.
Publicizing that your department never asks for passwords doesn't work because people don't see clicking on a link and getting a password prompt as you asking for their passwords.
The phishing that we have been seeing lately is much more believable. No misspellings, duplicating our real login pages and even registering domains, such as Towson-edu.tk (which I have asked to be taken down twice since Saturday, and was still up yesterday). The last one asked recipients to check their health records. I could see someone who just went to our health center falling for that one (we have been hit hard with the flu lately).
We had an InfoSec event on Monday and at my booth, I was showing people what the last attack looked like, asking them "would you log into this page?" Most didn't notice that the domain wasn't ours; one grabbed my phone and started to attempt logging in :).
Jeff Koerber
Supervisor, Student Computing Services Lab and Service Desk
Towson University
Towson, MD
Sent from my iPhone
On Nov 3, 2016, at 2:59 PM, Randy Kouns <randykouns@GMAIL.COM> wrote:
Hey Jim, been a while... hope things are getting better for you... I am no longer in the Education side of IT but still stay interested in the happenings... I have joined the municipal government field as the Director of IT for a city here in Indiana... one of our sub-government entities is currently using, and I am planning on subscribing to, the Knowbe4 (www.knowbe4.com) service. They provide training videos that are then followed by an interactive email test... that tracks and records users who click links when they shouldn't so remedial training can be accomplished. The quote I have for this service is approximately $2200 per year for 500 employees.
Good luck with your issues.
Randy Kouns
On Thu, Nov 3, 2016 at 9:42 AM, Rizzo, Jim <JRIZZO@providence.edu> wrote:
Hey all,
We're having serious issues with phishing and email scams. In fact, we seem to have been hit with a zero-day ransomware virus that encrypted a whole bunch of files on a couple people's computers and network drives. The network drives can be restored from the last good backup. The local files seem to be a lost cause.
Anyway... How do you all inform, educate, scold, whatever people about these types of problems? The ransomware issue was related to actually clicking on a bad attachment (and seems to have required downloading a zip file and unzipping it and then running the VBS file contained within). Phishing is just that. People seem to have no problem sharing their passwords. We fairly regularly send emails to the campus about suspicious email messages, unexpected attachments, and messages asking people to share their passwords. They seem to fall on deaf ears/eyes. The same people read those emails, and it's not the people who need to be taking the message to heart.
Looking for any ideas here. If you have a webpage about it, please share the link. If you send emails, please share the text of the email.
Thanks!
Jim
--
Jim Rizzo
Helpdesk Manager
Providence College Information Technology
(401) 865-1277
http://www.providence.edu/helpdesk
http://www.providence.edu/ihelp
Like us on Facebook!
http://www.facebook.com/ProvCollHelpDesk
Follow us on Twitter!
http://twitter.com/PCITHelpdesk
___________________________________________________
You are subscribed to the ResNet-L mailing list.
To subscribe, unsubscribe or search the archives, go to http://LISTSERV.ND.EDU/archives/resnet-l.html
___________________________________________________