Educause Security Discussion: Re: Notifying organizations when you receive phishing e-mails from them

[Roger A Safian <r-safian () NORTHWESTERN EDU>]

I usually try abuse@ if the site sending the phishing seems like they might take some action.  I also look at ARIN and 
get the security contact if need be.

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Tonkin, 
Derek K
Sent: Friday, January 25, 2013 10:16 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Notifying organizations when you receive phishing e-mails from them

Does anyone try to reach out to the IT departments of organizations you receive phishing e-mails from?  We received 
some today that is coming from an @nih.gov account and I was trying to determine how I could notify them.  I got to 
thinking that it might be a worthwhile to build a page on our website where we could allow outside organizations to 
report spam/phishing messages from accounts on our domain.  Has anyone else done this or even considered it?

Thanks!
___________________________________________________________
DEREK TONKIN
Information Security Analyst
ITS - Networking Systems
DPKG Suite 117.3
(254) 710-7061
Derek_Tonkin () Baylor edu<mailto:Derek_Tonkin () Baylor edu>

External Mailing Address
One Bear Place #97268
Waco, TX 76798-7268
[Description: bearawarefinal]