[41629] in Resnet-Forum
Phishing victims' turned into spammers
daemon@ATHENA.MIT.EDU (WILLIAM J. DIDOMENICO)
Mon Apr 17 09:27:12 2017
Content-Language: en-US
Content-Type: multipart/alternative; boundary="_000_DM5PR05MB34651882987F1C58627618A8B1060DM5PR05MB3465namp_"
MIME-Version: 1.0
Message-ID: <DM5PR05MB34651882987F1C58627618A8B1060@DM5PR05MB3465.namprd05.prod.outlook.com>
Date: Mon, 17 Apr 2017 13:26:33 +0000
Reply-To: Resnet Forum <RESNET-L@listserv.nd.edu>
From: "WILLIAM J. DIDOMENICO" <didomenico@LYCOMING.EDU>
To: RESNET-L@listserv.nd.edu
--_000_DM5PR05MB34651882987F1C58627618A8B1060DM5PR05MB3465namp_
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
We are dealing with an issue where some of our users who are falling victim=
to phishing emails are having their email accounts used to send more spam =
and phishing emails, to the point where our Exchange server and Barracuda E=
mail Security Gateway can't keep up, causing very long delays in legitimate=
outbound email delivery.
The IT department has sent a number of messages out to our campus community=
about the hazards of unsolicited document sharing emails, but we continue =
to have users entering their credentials online with little regard for secu=
rity. Our current process is to place user accounts in a pseudo-quarantine =
until their password is changed and their devices scanned for malware, but =
this only happens after we notice the mail queues filling up with hundreds =
of messages.
This cat-and-mouse game is wearing on the team, so I'd like some other pers=
pectives and advice on how to keep ahead of this type of attack and how to =
protect users against themselves and their trusting nature.
Thanks,
William DiDomenico
Network Specialist
Lycoming College
700 College Place
Campus Box 142
Williamsport, PA 17701
Office: 570.321.4160
___________________________________________________
You are subscribed to the ResNet-L mailing list.
To subscribe, unsubscribe or search the archives,
go to http://LISTSERV.ND.EDU/archives/resnet-l.html
___________________________________________________
--_000_DM5PR05MB34651882987F1C58627618A8B1060DM5PR05MB3465namp_
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<html>
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Diso-8859-=
1">
<style type=3D"text/css" style=3D"display:none;"><!-- P {margin-top:0;margi=
n-bottom:0;} --></style>
</head>
<body dir=3D"ltr">
<div id=3D"divtagdefaultwrapper" style=3D"font-size:12pt;color:#000000;font=
-family:Calibri,Arial,Helvetica,sans-serif;" dir=3D"ltr">
<p>We are dealing with an issue where some of our users who are falling vic=
tim to phishing emails are having their email accounts used to send more sp=
am and phishing emails, to the point where our Exchange server and Barracud=
a Email Security Gateway can't keep
up, causing very long delays in legitimate outbound email delivery.</p>
<p><br>
</p>
<p>The IT department has sent a number of messages out to our cam=
pus community about the hazards of unsolicited document sharing emails, but=
we continue to have users entering their credentials online with little re=
gard for security. Our current process is
to place user accounts in a pseudo-quarantine until their password is chan=
ged and their devices scanned for malware, but this only happens after we n=
otice the mail queues filling up with hundreds of messages.</p>
<p><br>
</p>
<p>This cat-and-mouse game is wearing on the team, so I'd like some other p=
erspectives and advice on how to keep ahead of this type of attack and=
how to protect users against themselves and their trusting nature.</p>
<p><br>
</p>
<div id=3D"Signature">
<div style=3D"font-family:Calibri,Arial,Helvetica,sans-serif; font-size:; m=
argin:0" name=3D"divtagdefaultwrapper">
<p class=3D"MsoNormal"><span style=3D"font-family:"Courier New"">=
Thanks,</span></p>
<p class=3D"MsoNormal"><span style=3D"font-family:"Courier New"">=
</span></p>
<p class=3D"MsoNormal"><span style=3D"font-family:"Courier New"">=
William DiDomenico</span></p>
<p class=3D"MsoNormal"><span style=3D"font-family:"Courier New"">=
Network Specialist</span></p>
<p class=3D"MsoNormal"><span style=3D"font-family:"Courier New"">=
Lycoming College</span></p>
<p class=3D"MsoNormal"><span style=3D"font-family:"Courier New"">=
700 College Place</span></p>
<p class=3D"MsoNormal"><span style=3D"font-family:"Courier New"">=
Campus Box 142</span></p>
<p class=3D"MsoNormal"><span style=3D"font-family:"Courier New"">=
Williamsport, PA 17701</span></p>
<p class=3D"MsoNormal"><span style=3D"font-family:"Courier New"">=
Office: 570.321.4160</span></p>
</div>
</div>
</div>
</body>
</html>
___________________________________________________
You are subscribed to the ResNet-L mailing list.
<p>
To subscribe, unsubscribe or search the archives,
go to <a href=3D"http://LISTSERV.ND.EDU/archives/resnet-l.html" target=3D"_blank">http://LISTSERV.ND.EDU/archives/resnet-l.html</a>
___________________________________________________
--_000_DM5PR05MB34651882987F1C58627618A8B1060DM5PR05MB3465namp_--
