I like this, because it answers your questions and says everything else that
has been said in this thread.
Phishing: Online Security and Identify Theft - TB4194
http://techbase.msu.edu/article.asp?id=4194

Michael Loomis
MSU, ATS Network Management

Whether you think you can or whether you think you can't, you're right!
~ Henry Ford


-----Original Message-----
From: Leo Sell [mailto:[log in to unmask]] 
Sent: Thursday, July 22, 2010 11:57 AM
To: [log in to unmask]
Subject: Re: [MSUNAG] Phishing response?

At 11:28 AM -0400 7/22/10, John Valenti wrote:
>hi,
>
>I was just curious if there is a consensus on what IT people should be
>doing for phishing attempts?
>	(mostly for emails that my faculty/staff report to me, or forward and
>ask if it is legitimate)
>
>1. suggest they report it themselves
>2. work with them to obtain headers and report it personally
>3. respond directly to faculty/staff, but don't bother reporting
>4. something else?

Actually, if an I.T. becomes aware of a phish attempt, we would much
appreciate having those forwarded to [log in to unmask] so we can make sure
proper blocks are in place.

Or, if you care to, try sending some nominal response to the Replyto: 
and From: addresses first... and then if the block is clearly already in
place, you can advise your users to simply ignore the messages. If the block
isn't there, forward and even call us to let us know.

Now.... if a user happens to have responded and provided their credentials,
that is a different matter. Those users should immediately change password
to something utterly different (if they still have access!!). IF the phisher
by chance actually changes the password, the user needs to contact the help
desk for an immediate password scramble.

/L
--
Leo Sell
ATS Help Desk
Michigan State University
517-432-6200
help.msu.edu