 |
 |
hi, I was just curious if there is a consensus on what IT people should be doing for phishing attempts? (mostly for emails that my faculty/staff report to me, or forward and ask if it is legitimate) 1. suggest they report it themselves 2. work with them to obtain headers and report it personally 3. respond directly to faculty/staff, but don't bother reporting 4. something else? I usually do #1 or #3, depending on how good the attempt is. But sometimes I'm surprised by how amateurish the messages are, and still people will ask if it is legitimate. thanks -John