Main Nav

Phishing, and our constituents responding to it, seems to be on the increase this year.  Despite our efforts at educating our end users (posters, new faculty/student orientation, e-mail, …) we still have a handful of people who simply supply their credentials whenever asked.  Often, to phishing messages that aren’t even credible.  Seems to be fairly evenly spread amongst our faculty, staff and students.

 

What are others doing to combat this? 

 

Thanks,

 

Steve  

 

Steven S. Hall

Vice President & Chief Information Officer
KNOX COLLEGE – Information Technology Services
2 East South Street | Galesburg, IL 61401
Tel 309.341.7823 | Fax 309.341.7099

shall@knox.edu | www.knox.edu

 

********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.

AttachmentSize
image001.gif70 bytes

Comments

Steve,

 

  Been there. Here is what we did:

 

1.       We held an informational meeting at our campus with faculty and staff. The meeting was well attended and fit into with our internal professional develop program for faculty and staff (SOLD). There was a phishing quiz at the end, which was a good exercise in recognizing phishing attempts.

2.        At the same time we implemented a policy change that allowed us to deactivate user accounts of those who hand over their credentials (after being repeatable asked not to). We did not have to use this, but the fact that it was in place helped our effort I think.

3.       We switched to an external outgoing SMTP server that scans our outgoing mail to reduce damage (outgoing SPAM) in the event an account is compromised. The service is Microsoft based and part of the campus license agreement we maintain.

 

  We have not had any major problems with this issue after implementing these measures.

 

Dan

 

We track who responded to the phishing request by looking at who replied to a phishing request in our mail logs. 

We then set the account so it has to have a password reset done. The student can use the online password reset tool with theIr secondary email account.

This has cut the issues down a lot

Jack Suess
UMBC Division of Information Technology (DoIT)

Hi Dan,

We have also had a lot of fun in the last few months with phishing and are working to get phish training as part of our annual professional development requirement program.  I am very interested in the Microsoft service that scans outgoing SMTP traffic for spam.  Do you mind e-mailing off-line and sharing information on the product?  We are looking for more layers for our phish filtering both inbound and outbound.

 

Thanks,

 

Martin

 

Martin Patrick

Information Services

Tarrant County College District

martin.patrick@tccd.edu | www.tccd.edu

 


I am also very interested in the Microsoft service that scans outgoing SMTP traffic for spam.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  John R. Davis  <davisj@marietta.edu>
  Chief Information Officer
  Marietta College
  215 Fifth St.
  Marietta, OH  45750
  Voice: 740-376-4390
  Fax:   740-376-4812
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Me three!  And I imagine others would be interested as well. . . please share the information with the list!  Spreading this kind of information is (or should be) a primary reason for having this list in the first place!

 

Thanks.

 

Bill

Bill Schleifer

Chief Information Officer

420 S. Main St. 

Nashua, NH 03060-5086

T. 603.897.8630

F. 603.897.8880

 

 

 

If you use Barracuda's anti spam product, a firmware update last year included this ability as well.  Last year was the first year we didn't get blacklisted within four days of all our employees returning with their infected laptops…  It's free and included in the update.
_____________________
Steve Swartz
Chief Information Officer
Fitchburg State University
978-665-4444



Hey Folks,

 

  Here is a link to get started with the Microsoft service a few people were interested in:

   

  http://www.microsoft.com/exchange/en-us/fope-licensing.aspx

 

  It’s now called “Forefront Online Protection for Exchange”.

 

Thanks,

 

Dan

 

Close
Close


Annual Conference
September 29–October 2
Register Now!

Events for all Levels and Interests

Whether you're looking for a conference to attend face-to-face to connect with peers, or for an online event for team professional development, see what's upcoming.

Close

Digital Badges
Member recognition effort
Earn yours >

Career Center


Leadership and Management Programs

EDUCAUSE Institute
Project Management

 

 

Jump Start Your Career Growth

Explore EDUCAUSE professional development opportunities that match your career aspirations and desired level of time investment through our interactive online guide.

 

Close
EDUCAUSE organizes its efforts around three IT Focus Areas

 

 

Join These Programs If Your Focus Is

Close

Get on the Higher Ed IT Map

Employees of EDUCAUSE member institutions and organizations are invited to create individual profiles.
 

 

Close

2014 Strategic Priorities

  • Building the Profession
  • IT as a Game Changer
  • Foundations


Learn More >

Uncommon Thinking for the Common Good™

EDUCAUSE is the foremost community of higher education IT leaders and professionals.