>>> On 4/12/2010 at 4:28 PM, Brian Hoort <[log in to unmask]> wrote:
> That is either the best spear-phish I*ve ever seen, or it*s
legit. Is it
> just me, or is doing this a bad idea? I would never send out a
*change your
> password now or you*ll be cut off!!!* email. We*ve spent over a
decade
> trying to teach users not to believe *give me your password, you
dolt*
> phishes, and so for an IT unit to do this *legitimately* reverses
a decade
> of effort for I think most of us here, and at other institutions
World-wide.
> Of the decade+ I*ve personally spent answering these *are you a
> slow-learner?* emails, I*ve decided exactly zero were legit.
Imagine if the
> IRS even once sent out an email around tax time. The fraud would be
off the
> charts and it would take years to undo the damage. Many institutions
have a,
> *we*ll never do this, so don*t believe the phishes* statement
on their site.
> Please reference the first sentence from the IRS link, and the
sentence in
> red on page at techbase.msu.edu.
And I, too, have reiterated my admonition that a legit warning having
to do with MSU systems will always come from a real person, e.g., Dave
Gift, me, a unit head, etc.
This message was terribly worded and terribly formatted to boot. I
would've just deleted it.
--
Kim Geiger
Information Technologist
Broadcasting Services
Michigan State University
517-432-3120 x 429
|