[41632] in Resnet-Forum


Re: Phishing victims' turned into spammers

daemon@ATHENA.MIT.EDU (Becky Klein)
Mon Apr 17 10:14:07 2017

Message-ID:  <CAD6i8oK=--LBR_v4SUzxk-GYuZYA1i=aw4ZL7j3LCK4pT-dwtA@mail.gmail.com>
Date:         Mon, 17 Apr 2017 09:08:43 -0500
Reply-To: Resnet Forum <RESNET-L@listserv.nd.edu>
From: Becky Klein <becky.klein@VALPO.EDU>
To: RESNET-L@listserv.nd.edu
In-Reply-To:  <DM5PR05MB34651882987F1C58627618A8B1060@DM5PR05MB3465.namprd05.prod.outlook.com>

At Valpo, we used to have a big problem with people falling victim and then
the scams continuing to spread across campus through the phishers accessing
the global address book. We use Gmail, and we've found that if enough people
report a message as phishing, Gmail automatically starts filtering out
the offending messages from inboxes *and* disables the victimized account
so it can no longer propagate the scam. I believe it's a multi-step process
to unlock the account, including an admin on our side unlocking *and* the
user changing their password.

In addition, several years ago we started sending out campus-wide emails
when we are in the midst of a phishing outbreak. Once our Help Desk
receives five reports, we send out a message with a description of the
message that advises people of the following: 1) don't click the link, 2)
don't give out your login information, 3) report the message as phishing in
Gmail. Since doing that consistently for several years now, we've noticed a
significant decrease in the number of victims on campus, as well as better
awareness throughout our user base of how to spot suspicious messages. At
this point, our users are so suspicious that they are wary of legitimate
messages! But we'd rather they be safe than sorry.

-Becky Klein


On Mon, Apr 17, 2017 at 8:26 AM, WILLIAM J. DIDOMENICO <didomenico@lycoming.edu> wrote:

> We are dealing with an issue where some of our users who are falling
> victim to phishing emails are having their email accounts used to send more
> spam and phishing emails, to the point where our Exchange server and
> Barracuda Email Security Gateway can't keep up, causing very long delays in
> legitimate outbound email delivery.
>
>
> The IT department has sent a number of messages out to our campus
> community about the hazards of unsolicited document sharing emails, but we
> continue to have users entering their credentials online with little regard
> for security. Our current process is to place user accounts in a
> pseudo-quarantine until their password is changed and their devices scanned
> for malware, but this only happens after we notice the mail queues filling
> up with hundreds of messages.
>
>
> This cat-and-mouse game is wearing on the team, so I'd like some other
> perspectives and advice on how to keep ahead of this type of attack and how
> to protect users against themselves and their trusting nature.
>
>
> Thanks,
>
> William DiDomenico
> Network Specialist
> Lycoming College
> 700 College Place
> Campus Box 142
> Williamsport, PA 17701
> Office: 570.321.4160
> ___________________________________________________ You are subscribed to
> the ResNet-L mailing list.
>
> To subscribe, unsubscribe or search the archives, go to
> http://LISTSERV.ND.EDU/archives/resnet-l.html
> ___________________________________________________
>



-- 

Becky (Belmont '97) Klein
<http://www.google.com/calendar/embed?src=becky.klein%40valpo.edu&ctz=America/Chicago>
Manager of IT Communications
Valparaiso University
Office of Information Technology
Phone: 219.464.5986
valpo.edu/it

*New skills. Improved skills. Now. Login to Lynda.com
<http://valpo.edu/r/lynda>!*
