[41634] in Resnet-Forum
Re: Phishing victims' turned into spammers
daemon@ATHENA.MIT.EDU (Pistentis, Nick)
Mon Apr 17 12:36:21 2017
Message-ID: <DM5PR03MB31474B6C1F8302B6109F8385CA060@DM5PR03MB3147.namprd03.prod.outlook.com>
Date: Mon, 17 Apr 2017 16:34:44 +0000
Reply-To: Resnet Forum <RESNET-L@listserv.nd.edu>
From: "Pistentis, Nick" <npistent@MSUDENVER.EDU>
To: RESNET-L@listserv.nd.edu
In-Reply-To: <DM5PR05MB34651882987F1C58627618A8B1060@DM5PR05MB3465.namprd05.prod.outlook.com>
I know this is a whole different can of worms, but it sounds like it might be time to explore 2FA for your environment. As others have noted, we've had great results with focused education campaigns, but if it's becoming a constant problem for the entire campus it might be worth biting the bullet...
From: Resnet Forum [mailto:RESNET-L@LISTSERV.ND.EDU] On Behalf Of WILLIAM J. DIDOMENICO
Sent: Monday, April 17, 2017 7:27 AM
To: RESNET-L@LISTSERV.ND.EDU
Subject: Phishing victims' turned into spammers
We are dealing with an issue where some of our users who are falling victim to phishing emails are having their email accounts used to send more spam and phishing emails, to the point where our Exchange server and Barracuda Email Security Gateway can't keep up, causing very long delays in legitimate outbound email delivery.
The IT department has sent a number of messages out to our campus community about the hazards of unsolicited document sharing emails, but we continue to have users entering their credentials online with little regard for security. Our current process is to place user accounts in a pseudo-quarantine until their password is changed and their devices scanned for malware, but this only happens after we notice the mail queues filling up with hundreds of messages.
This cat-and-mouse game is wearing on the team, so I'd like some other perspectives and advice on how to keep ahead of this type of attack and how to protect users against themselves and their trusting nature.
Thanks,
William DiDomenico
Network Specialist
Lycoming College
700 College Place
Campus Box 142
Williamsport, PA 17701
Office: 570.321.4160
___________________________________________________
You are subscribed to the ResNet-L mailing list.
To subscribe, unsubscribe or search the archives, go to http://LISTSERV.ND.EDU/archives/resnet-l.html
___________________________________________________