Main Nav

Posted by shall@knox.edu on September 17, 2012

Phishing, and our constituents responding to it, seems to be on the increase this year.  Despite our efforts at educating our end users (posters, new faculty/student orientation, e-mail, …) we still have a handful of people who simply supply their credentials whenever asked.  Often, to phishing messages that aren’t even credible.  Seems to be fairly evenly spread amongst our faculty, staff and students.

 

What are others doing to combat this? 

 

Thanks,

 

Steve  

 

Steven S. Hall

Vice President & Chief Information Officer
KNOX COLLEGE – Information Technology Services
2 East South Street | Galesburg, IL 61401
Tel 309.341.7823 | Fax 309.341.7099

shall@knox.edu | www.knox.edu

 

********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.

AttachmentSize
image001.gif70 bytes

Comments

Steve,

 

  Been there. Here is what we did:

 

1.       We held an informational meeting at our campus with faculty and staff. The meeting was well attended and fit into with our internal professional develop program for faculty and staff (SOLD). There was a phishing quiz at the end, which was a good exercise in recognizing phishing attempts.

2.        At the same time we implemented a policy change that allowed us to deactivate user accounts of those who hand over their credentials (after being repeatable asked not to). We did not have to use this, but the fact that it was in place helped our effort I think.

3.       We switched to an external outgoing SMTP server that scans our outgoing mail to reduce damage (outgoing SPAM) in the event an account is compromised. The service is Microsoft based and part of the campus license agreement we maintain.

 

  We have not had any major problems with this issue after implementing these measures.

 

Dan

 

Posted by: stix007 on September 17, 2012
We track who responded to the phishing request by looking at who replied to a phishing request in our mail logs. 

We then set the account so it has to have a password reset done. The student can use the online password reset tool with theIr secondary email account.

This has cut the issues down a lot

Jack Suess
UMBC Division of Information Technology (DoIT)

Posted by: jack on September 17, 2012

Hi Dan,

We have also had a lot of fun in the last few months with phishing and are working to get phish training as part of our annual professional development requirement program.  I am very interested in the Microsoft service that scans outgoing SMTP traffic for spam.  Do you mind e-mailing off-line and sharing information on the product?  We are looking for more layers for our phish filtering both inbound and outbound.

 

Thanks,

 

Martin

 

Martin Patrick

Information Services

Tarrant County College District

martin.patrick@tccd.edu | www.tccd.edu

 

Posted by: martinpatrick on September 18, 2012

I am also very interested in the Microsoft service that scans outgoing SMTP traffic for spam.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  John R. Davis  <davisj@marietta.edu>
  Chief Information Officer
  Marietta College
  215 Fifth St.
  Marietta, OH  45750
  Voice: 740-376-4390
  Fax:   740-376-4812
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Posted by: davisj on September 18, 2012

Me three!  And I imagine others would be interested as well. . . please share the information with the list!  Spreading this kind of information is (or should be) a primary reason for having this list in the first place!

 

Thanks.

 

Bill

Bill Schleifer

Chief Information Officer

420 S. Main St. 

Nashua, NH 03060-5086

T. 603.897.8630

F. 603.897.8880

 

 

 

Posted by: bschleifer on September 18, 2012
If you use Barracuda's anti spam product, a firmware update last year included this ability as well.  Last year was the first year we didn't get blacklisted within four days of all our employees returning with their infected laptops…  It's free and included in the update.
_____________________
Steve Swartz
Chief Information Officer
Fitchburg State University
978-665-4444



Posted by: sswartz on September 18, 2012

Hey Folks,

 

  Here is a link to get started with the Microsoft service a few people were interested in:

   

  http://www.microsoft.com/exchange/en-us/fope-licensing.aspx

 

  It’s now called “Forefront Online Protection for Exchange”.

 

Thanks,

 

Dan

 

Posted by: stix007 on September 18, 2012
Post a Comment

Research and Publications

Conferences and Events

Career Development

Focus Areas and Initiatives

Connect and Contribute

About EDUCAUSE

Close

 


Current Issue
March/April 2013
EDUCAUSE Review

Publications

Research

Close


Annual Conference
October 15–18, 2013
Save the date!

Events for all Levels and Interests

Whether you're looking for a conference to attend face-to-face to connect with peers, or for an online event for team professional development, see what's upcoming.

See All Events

Close

EDUCAUSE Institute
Leadership/Management Programs
Explore More

Career Center

Find or Post a Job

Leadership and Management Programs

EDUCAUSE Institute
Advanced Programs
Project Management

 

Fellowships and Awards

Fellowships
Awards Programs

Getting Involved

Mentoring
Volunteer
Speak at an Event

 

 

Jump Start Your Career Growth

Explore EDUCAUSE professional development opportunities that match your career aspirations and desired level of time investment through our interactive online guide.

Advance Your Career

 

Close

Latest Topics

EDUCAUSE organizes its efforts around three IT Focus Areas

 

Enterprise and Infrastructure

Enterprise and
Infrastructure

Policy and Security

Policy and
Security

Teaching and Learning

Teaching and
Learning

 

Join These Programs If Your Focus Is

Close

From the Blogs
The Role of Campus Leadership in Ensuring IT Accessibility
by
Diana Oblinger

Find Others

Share Ideas

Get on the Higher Ed IT Map

Employees of EDUCAUSE member institutions and organizations are invited to create individual profiles.
 

Create Your Profile

 

Close

2013 Strategic Priorities

  • Connected Learning
  • Enterprise IT
  • Foundations


Learn More >

Uncommon Thinking for the Common Good™

EDUCAUSE is the foremost community of higher education IT leaders and professionals.
 

Discover Membership