
Phishing, and our constituents responding to it, seems to be on the increase this year.  Despite our efforts at educating our end users (posters, new faculty/student orientation, e-mail, …) we still have a handful of people who simply supply their credentials whenever asked.  Often, to phishing messages that aren’t even credible.  Seems to be fairly evenly spread amongst our faculty, staff and students.


What are others doing to combat this? 






Steven S. Hall

Vice President & Chief Information Officer
KNOX COLLEGE – Information Technology Services
2 East South Street | Galesburg, IL 61401
Tel 309.341.7823 | Fax 309.341.7099 |


********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at





  Been there. Here is what we did:


1.       We held an informational meeting at our campus with faculty and staff. The meeting was well attended and fit in with our internal professional development program for faculty and staff (SOLD). There was a phishing quiz at the end, which was a good exercise in recognizing phishing attempts.

2.        At the same time we implemented a policy change that allowed us to deactivate user accounts of those who hand over their credentials (after being repeatedly asked not to). We did not have to use this, but the fact that it was in place helped our effort I think.

3.       We switched to an external outgoing SMTP server that scans our outgoing mail to reduce damage (outgoing SPAM) in the event an account is compromised. The service is Microsoft based and part of the campus license agreement we maintain.


  We have not had any major problems with this issue after implementing these measures.




We track who responded to the phishing request by looking at who replied to a phishing request in our mail logs. 

We then set the account so it has to have a password reset done. The student can use the online password reset tool with their secondary email account.

This has cut the issues down a lot.

Jack Suess
UMBC Division of Information Technology (DoIT)
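
One way to do the mail-log check described in the message above, as an added example that is not part of the original thread. It assumes Postfix-style log lines (the post names no mail system); the addresses, domain and function name are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: Postfix-style log lines (assumed MTA; not from the thread).
SAMPLE_LOG = """\
Sep  3 09:14:02 mx1 postfix/qmgr[2211]: 4F1A2C0031: from=<jdoe@campus.example>, size=1843, nrcpt=1 (queue active)
Sep  3 09:14:03 mx1 postfix/smtp[2290]: 4F1A2C0031: to=<helpdesk-verify@phish.example>, relay=mx.phish.example[203.0.113.9]:25, delay=1.2, status=sent (250 OK)
Sep  3 09:20:41 mx1 postfix/qmgr[2211]: 7B33DC0044: from=<asmith@campus.example>, size=902, nrcpt=1 (queue active)
Sep  3 09:20:42 mx1 postfix/smtp[2290]: 7B33DC0044: to=<registrar@campus.example>, relay=local, delay=0.1, status=sent (delivered)
Sep  3 10:02:17 mx1 postfix/qmgr[2211]: 9C07EC0058: from=<Bwong@campus.example>, size=2210, nrcpt=1 (queue active)
Sep  3 10:02:19 mx1 postfix/smtp[2290]: 9C07EC0058: to=<HelpDesk-Verify@phish.example>, relay=mx.phish.example[203.0.113.9]:25, delay=2.0, status=deferred (connection timed out)
"""

# Queue ID, then either the envelope sender or a recipient with its delivery status.
LINE = re.compile(
    r"postfix/\w+\[\d+\]: (?P<qid>[0-9A-F]+): (?P<key>from|to)=<(?P<addr>[^>]*)>"
    r"(?:.*?\bstatus=(?P<status>\w+))?"
)

def find_responders(log_text, phish_addrs, local_domain):
    """Return {local sender: [delivery statuses]} for mail sent to phishing reply addresses."""
    phish = {a.lower() for a in phish_addrs}
    sender = {}              # queue ID -> envelope sender
    hits = defaultdict(set)  # local sender -> statuses seen
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        addr = m["addr"].lower()  # compare case-insensitively
        if m["key"] == "from":
            sender[m["qid"]] = addr
        elif addr in phish:
            # Join the recipient line back to its sender through the queue ID.
            src = sender.get(m["qid"], "")
            if src.endswith("@" + local_domain):
                hits[src].add(m["status"] or "unknown")
    return {user: sorted(statuses) for user, statuses in hits.items()}

if __name__ == "__main__":
    flagged = find_responders(SAMPLE_LOG, ["helpdesk-verify@phish.example"], "campus.example")
    for user, statuses in flagged.items():
        print(f"{user}: flag for password reset (delivery: {', '.join(statuses)})")
```

A `deferred` status means the reply has not left yet, so that message can still be pulled from the queue before the account is flagged.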

Hi Dan,

We have also had a lot of fun in the last few months with phishing and are working to get phish training as part of our annual professional development requirement program.  I am very interested in the Microsoft service that scans outgoing SMTP traffic for spam.  Do you mind e-mailing off-line and sharing information on the product?  We are looking for more layers for our phish filtering both inbound and outbound.






Martin Patrick

Information Services

Tarrant County College District |


I am also very interested in the Microsoft service that scans outgoing SMTP traffic for spam.

  John R. Davis
  Chief Information Officer
  Marietta College
  215 Fifth St.
  Marietta, OH  45750
  Voice: 740-376-4390
  Fax:   740-376-4812

Me three!  And I imagine others would be interested as well. . . please share the information with the list!  Spreading this kind of information is (or should be) a primary reason for having this list in the first place!





Bill Schleifer

Chief Information Officer

420 S. Main St. 

Nashua, NH 03060-5086

T. 603.897.8630

F. 603.897.8880




If you use Barracuda's anti-spam product, a firmware update last year included this ability as well.  Last year was the first year we didn't get blacklisted within four days of all our employees returning with their infected laptops…  It's free and included in the update.
Steve Swartz
Chief Information Officer
Fitchburg State University

Hey Folks,


  Here is a link to get started with the Microsoft service a few people were interested in:


  It’s now called “Forefront Online Protection for Exchange”.