Educause Security Discussion
mailing list archives
Re: Blocking phishing URL's
From: Bob Bayn <bob.bayn () USU EDU>
Date: Mon, 2 Dec 2013 16:35:48 +0000
Since the Oxford incident and the subsequent addition of a warning at the bottom of google docs forms, we haven't seen
them used much at all for phishing. Instead, phishers have moved on to services like jimdo(.)com, webs(.)com,
yolasite(.)com and coffeecup(.)com among others. The whole list that we watch out for is maintained at:
And I have recruited about 350 "Internet Skeptics" who report phish messages to me.
Bob Bayn SER 301 (435)797-2396 IT Security Team
Office of Information Technology, Utah State University
three common hazardous email scams to watch out for:
1) unfamiliar transaction report from familiar business
2) attachment with no explanation in message body
3) "phishing" for your email password
From: The EDUCAUSE Security Constituent Group Listserv [SECURITY () LISTSERV EDUCAUSE EDU] on behalf of Mally Mclane
[mally.mclane () BRISTOL AC UK]
Sent: Monday, December 02, 2013 9:20 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Blocking phishing URL's
Out of curiosity, do any of you do anything special for those using Google Docs / Forms for phishing?
On 2 Dec 2013 16:16, "Julian Y Koh" <kohster () northwestern edu<mailto:kohster () northwestern edu>> wrote:
On Dec 2, 2013, at 09:16 , "Ullman, Catherine" <cende () BUFFALO EDU<mailto:cende () BUFFALO EDU>>
I’ve been asked to investigate what other institutions are doing to block access to URL’s at the edge (i.e. block
connections when people click on a URL, despite virtual hosting or fastflux DNS).
We use our Palo Alto firewalls to block this type of traffic.
Julian Y. Koh
Acting Associate Director, Telecommunications and Network Services
Northwestern University Information Technology (NUIT)
2001 Sheridan Road #G-166
Evanston, IL 60208
NUIT Web Site: <http://www.it.northwestern.edu/>
PGP Public Key:<http://bt.ittns.northwestern.edu/julian/pgppubkey.html>