I despair sometimes, I really do!

We recently have a phishing email slip through our defences. OK, so these things happen from time to time.  Unfortunately it seems that a modicum of intelligence is no longer among the criteria for being a member of staff at a University.  This week we have had at least three users obligingly click on the link included in the phishing email and supply their ID and password.   You know what’s coming next, don’t you? Yep! Within ours of them responding, their email account is used via OWA to inject 1000s of spam emails  into the queue.

Fortunately we employ rate limiting on outbound email so once the system detects an address sening out more than x messages per minute, it freezes all subsequent email from that sender.  This has been pretty effective and minimising the impact on the system.

To make matters worse, in addition to staff who respond to phishing email we also have members who subsequently email the (compromised) sender informing them that they cannot access the link in the email (which we’ve usually blocked on proxies/firewall by this time) – despite the “sender” being absolutely nothing to do with central IT!

*sigh*