Educause Security Discussion
mailing list archives
Re: Mitigating Phishing Attacks
From: Steven Tardy <sjt5 () ITS MSSTATE EDU>
Date: Wed, 14 Nov 2012 16:23:46 -0600
0a) log all authentications(failed and successful) to a database.
(something homegrown similar to: Grand Unified Logging Project, GULP)
0b) create a database of ip addresses of "known bad guys"
(the phishers will keep trying from the same ip addresses)
export database to "known bad guy" DNSBL.
1) scour auth database for nigerian/anonymous-proxy logins.
notify security team *immediately* of login from "known bad guy".
2) outbound email server hold/quarantine email on "known bad guy" DNSBL.
3) watch outbound queues/graphs for jumps in size.
not perfect, but catches/prevents quite a bit.
It would be useful to know your top 3 strategies for
preventing and mitigating such occurrences. Thanks.