At 11:28 AM -0400 7/22/10, John Valenti wrote:
>hi,
>
>I was just curious if there is a consensus on what IT people should 
>be doing for phishing attempts?
>	(mostly for emails that my faculty/staff report to me, or 
>forward and ask if it is legitimate)
>
>1. suggest they report it themselves
>2. work with them to obtain headers and report it personally
>3. respond directly to faculty/staff, but don't bother reporting
>4. something else?

Actually, if an I.T. becomes aware of a phish attempt, we would much 
appreciate having those forwarded to [log in to unmask] so we can 
make sure proper blocks are in place.

Or, if you care to, try sending some nominal response to the Reply-To: 
and From: addresses first... and then if the block is clearly already 
in place, you can advise your users to simply ignore the messages. If 
the block isn't there, forward and even call us to let us know.

Now.... if a user happens to have responded and provided their 
credentials, that is a different matter. Those users should 
immediately change their password to something utterly different (if they 
still have access!!). IF the phisher by chance actually changes the 
password, the user needs to contact the help desk for an immediate 
password scramble.

/L
-- 
Leo Sell
ATS Help Desk
Michigan State University
517-432-6200
help.msu.edu