At 11:28 AM -0400 7/22/10, John Valenti wrote:
>hi,
>
>I was just curious if there is a consensus on what IT people should
>be doing for phishing attempts?
> (mostly for emails that my faculty/staff report to me, or
>forward and ask if it is legitimate)
>
>1. suggest they report it themselves
>2. work with them to obtain headers and report it personally
>3. respond directly to faculty/staff, but don't bother reporting
>4. something else?
Actually, if an I.T. becomes aware of a phish attempt, we would much
appreciate having those forwarded to [log in to unmask] so we can
make sure proper blocks are in place.
Or, if you care to, try sending some nominal response to the Replyto:
and From: addresses first... and then if the block is clearly already
in place, you can advise your users to simply ignore the messages. If
the block isn't there, forward and even call us to let us know.
Now.... if a user happens to have responded and provided their
credentials, that is a different matter. Those users should
immediately change password to something utterly different (if they
still have access!!) IF the phisher by change actually changes the
password, the user needs to contact the help desk for an immediate
password scramble.
/L
--
Leo Sell
ATS Help Desk
Michigan State University
517-432-6200
help.msu.edu
|