1 / 23

Phishing Scams at K-State

Phishing Scams at K-State. What We Do What We Don’t Do What We Should Do. What We Do. Receive Sample with Full Headers Verify Links are Active and Malicious Block non-https URLs at the Border Ask Trend to Block URLs With WRS Put Reply-to Addresses on APER Notify Originating ISP

ormand
Download Presentation

Phishing Scams at K-State

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Phishing Scams at K-State What We Do What We Don’t Do What We Should Do

  2. What We Do • Receive Sample with Full Headers • Verify Links are Active and Malicious • Block non-https URLs at the Border • Ask Trend to Block URLs With WRS • Put Reply-to Addresses on APER • Notify Originating ISP • Notify Destination ISP or Web Host • Post to Threats/Scams Blog • Create Service Now Incident

  3. 1. Receive Sample with Full Headers

  4. 1. Important Parts of the Header URL http://onlinegamblingrealmoney.net/onlineupdate Received: from mail.fox.k12.mo.us [150.199.176.125] Return-Path: HayesC@fox.k12.mo.us

  5. 2. Verify Links are Active and Malicious

  6. 3. Block non-https URLs at the border with Procera

  7. 3. Procera Blocked Page

  8. 4. Ask Trend to Block URLs With Web Reputation Services

  9. 4. Trend Blocked Page

  10. 5. Put Reply-to Address on APERhttp://code.google.com/p/anti-phishing-email-reply/

  11. 6. Notify Originating ISP

  12. 7. Notify Web Host / Destination ISP

  13. 7. Report GoogleDocs

  14. 7. Report GoogleDocs

  15. 7. Report GoogleDocshttp://www.google.com/safebrowsing/report_phish/

  16. 8. Post to Threats/Scams Blog

  17. 8. Post to Threats/Scams Blog

  18. 9. Create ServiceNow Incident

  19. Is It Effective? – 426 Scams

  20. Is It Effective? – 315 Compromises

  21. What We Don’t Do • Prevent All Phishing Scams From Being Delivered • Pull Scams From Inboxes • Prevent All Responses • Identify Responses Prior to Account Being Used by Scammers

  22. What We Should Do • Process every scam in 1st hour • Educate every user on dangers of and how to recognize scams • Clearly differentiate official emails

  23. URLs • http://www.k-state.edu/its/security/netsafety/email/blocked.html • http://code.google.com/p/anti-phishing-email-reply/ • http://www.google.com/safebrowsing/report_phish/ • http://threats.itsecurity.k-state.edu/ • https://blogs.k-state.edu/scams/

More Related