Home page logo

educause logo Educause Security Discussion mailing list archives

Re: Blocking phishing URL's
From: Bob Bayn <bob.bayn () USU EDU>
Date: Mon, 2 Dec 2013 16:35:48 +0000

Since the Oxford incident and the subsequent addition of a warning at the bottom of google docs forms, we haven't seen 
them used much at all for phishing.  Instead, phishers have moved on to services like jimdo(.)com,  webs(.)com,  
yolasite(.)com and coffeecup(.)com among others.  The whole list that we watch out for is maintained at:

And I have recruited about 350 "Internet Skeptics" who report phish messages to me.

Bob Bayn    SER 301    (435)797-2396       IT Security Team
Office of Information Technology,     Utah State University
     three common hazardous email scams to watch out for:
     1) unfamiliar transaction report from familiar business
     2) attachment with no explanation in message body
     3) "phishing" for your email password
From: The EDUCAUSE Security Constituent Group Listserv [SECURITY () LISTSERV EDUCAUSE EDU] on behalf of Mally Mclane 
[mally.mclane () BRISTOL AC UK]
Sent: Monday, December 02, 2013 9:20 AM
Subject: Re: [SECURITY] Blocking phishing URL's


Out of curiosity, do any of you do anything special for those using Google Docs / Forms for phishing?


On 2 Dec 2013 16:16, "Julian Y Koh" <kohster () northwestern edu<mailto:kohster () northwestern edu>> wrote:
On Dec 2, 2013, at 09:16 , "Ullman, Catherine" <cende () BUFFALO EDU<mailto:cende () BUFFALO EDU>>

I’ve been asked to investigate what other institutions are doing to block access to URL’s at the edge (i.e. block 
connections when people click on a URL, despite virtual hosting or fastflux DNS).

We use our Palo Alto firewalls to block this type of traffic.

Julian Y. Koh
Acting Associate Director, Telecommunications and Network Services
Northwestern University Information Technology (NUIT)

2001 Sheridan Road #G-166
Evanston, IL 60208
NUIT Web Site: <http://www.it.northwestern.edu/>
PGP Public Key:<http://bt.ittns.northwestern.edu/julian/pgppubkey.html>

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]