
Re: [MSUNAG] Fwd: size="+1">SUBJECT: Important: Password Expiration Notification - uadv.msu.edu

I am sure this is a legitimate e-mail.

 

· 35.9.170.x belongs to UADV, see https://network.msu.edu/cgi-bin/msu/search-ipadmin?search=35.9.170&qtype=Subnet

· Spartan Way is a way of referencing who is staffed within Spartan Stadium

· Asks users to sign in via the UADV SSL VPN to change their password if they are out of the building, while in the building asks them to press ctrl+alt+delete

 

Its execution leaves a lot to be desired and the language could be firmed up a bit to alleviate this entire thread ( =D ), but from what I know (take that for what it’s worth!) it’s the real deal.

 

/ch

 

From: Linda Losik [mailto:[log in to unmask]]
Sent: Monday, April 12, 2010 3:58 PM
To: [log in to unmask]
Subject: Re: [MSUNAG] Fwd: size="+1">SUBJECT: Important: Password Expiration Notification - uadv.msu.edu

 

I have real concerns, like the phone number which does not go to a “help-desk” type person, but voice mail, as well as a few others:

1. We have regularly changing passwords… there is no email that is sent, which is the first source of concern, just a pop-up. And it does not matter how the user is accessing our network, it is just a popup.

2. The number that is listed, there is no recorded message other than to press 0 for further assistance

3. The email domain is for Communication Arts & Sciences, good luck on finding Spartan Way

 

My bet is that this is a very good phishing email…

 

From: Kramer, Jack [mailto:[log in to unmask]]
Sent: Monday, April 12, 2010 3:46 PM
To: [log in to unmask]
Subject: Re: [MSUNAG] Fwd: size="+1">SUBJECT: Important: Password Expiration Notification - uadv.msu.edu

 

Looks legit to my eye, but that size +1 thing is sort of odd – HTML code gone awry? (IIRC you can’t use HTML in the subject of an email.)

We have something similar over here but not nearly as fancy.
----
Jack Kramer
Computer Systems Specialist
University Relations, Michigan State University
w: 517-884-1231 / c: 248-635-4955


From: John Valenti <[log in to unmask]>
Reply-To: John Valenti <[log in to unmask]>
Date: Mon, 12 Apr 2010 15:36:58 -0400
To: "[log in to unmask]" <[log in to unmask]>
Subject: [MSUNAG] Fwd: size="+1">SUBJECT: Important: Password Expiration Notification - uadv.msu.edu

hi NAG'ers,
I'm trying to decide if this is spearphishing, or legitimate.

It has at least two tags tending toward malware:
1) subject line is messed up with "size="+1"
2) link to SOS Group is numeric IP address (but on campus)

I'm guessing it is legitimate, but pretty confusing. What is "Spartan Way"?  A search says that it is a street name, but how can someone be in a street?
thanks for any leads
-John

PS - sorry to forward this to the group,  but my people send me about five of these per week, and I can usually decide within 30 seconds. Four out of the last four have been scams.


Begin forwarded message:

From: ......
Date: April 12, 2010 2:10:04 PM EDT
To: "'John Valenti'" <[log in to unmask]>
Subject: FW: size="+1">SUBJECT: Important: Password Expiration Notification - uadv.msu.edu <http://uadv.msu.edu>  

Hi John,
Is this a scam?
Mary
 
From: [log in to unmask] [mailto:[log in to unmask]]
Sent: Monday, April 12, 2010 8:00 AM
To: [log in to unmask]
Subject: size="+1">SUBJECT: Important: Password Expiration Notification - uadv.msu.edu <http://uadv.msu.edu>

Hi Mary,

Your password for account "meyerma8" expires in 0 day(s). Please change the password as soon as possible to prevent further logon problems.

Trouble viewing this email? Click this link <http://35.9.170.43/pwordemail/instructions.htm>
If your password has expired or you want to change it are you inside or outside Spartan Way?

++++++++++++++++++++++++++++++++++++++++++++++

Users in Spartan Way

++++++++++++++++++++++++++++++++++++++++++++++

Once you are logged in

Hold down Ctrl - Alt - Delete on the keyboard and left click 'Change Password'



++++++++++++++++++++++++++++++++++++++++++++++

Users outside Spartan Way

++++++++++++++++++++++++++++++++++++++++++++++

Login to the UA VPN at https://gate.uadv.msu.edu



Click the 'Preferences' button



Click the 'General' Tab



Type in your old password, then type in the new password and re type the new password.

Make sure the New Password and Confirm Password match.
Password requirements are:

Minimum 10 characters

Must contain 3 out of 4 -one CAP letter, one lower case letter, one NUMBER and one SPECIAL CHARACTER

You will need to change your password on your mobile phone too. Check below for instructions.

Instructions to setup first time or change password for Iphone are here <http://35.9.170.43/pwordemail/iPhone%20using%20Microsoft%20Exchange.htm>

Instructions to setup first time or change password for Windows Mobile Phone are here <http://35.9.170.43/pwordemail/Windows%20Mobile%206%20Smartphones%20for%20Microsoft%20Exchange.htm>

Thank you!
SOS Group

<http://35.9.170.39/service/sr.htm>

-----------------------------------------------------------------------------------------------
This is an automatically generated message (uas16.uadv.msu.edu <http://uas16.uadv.msu.edu> ) from University Advancement Systems Group.



Type in your old password and type in the new password and re type the new password. Make sure the New Password and Confirm Password match.

Password requirements are:

Minimum 10 characters

Must contain 3 out of 4 -one CAP letter, one lower case letter, one NUMBER and one SPECIAL CHARACTER

Thank you!
SOS Group

<http://35.9.170.39/service/sr.htm>

----------------
This is an automatically generated message (uas16.uadv.msu.edu <http://uas16.uadv.msu.edu> ) from University Advancement Systems Group.
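
Added example, not part of the thread or written by any of its participants: a Python sketch that automates the two checks raised above (markup residue in the Subject header, and numeric-IP links looked up against a known campus subnet). Treating 35.9.170.x as a /24 is an assumption based on the first reply, the `triage` function and its finding names are hypothetical, and the 203.0.113.7 link is a constructed contrast case.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Assumption from the thread: 35.9.170.x belongs to UADV, modelled here as a /24.
KNOWN_SUBNETS = {"UADV": ipaddress.ip_network("35.9.170.0/24")}
URL_RE = re.compile(r"https?://[^\s<>\"']+")
# HTML attribute or tag residue that should never appear in a Subject header.
MARKUP_RE = re.compile(r"""\b(?:size|color|face|style)\s*=\s*["']|</?[a-z][^>]*>""", re.I)

def triage(subject, body):
    """Return (indicator, value, owner) findings for one message."""
    findings = []
    if MARKUP_RE.search(subject):
        findings.append(("subject-markup", subject, None))
    for url in sorted(set(URL_RE.findall(body))):
        host = urlsplit(url).hostname or ""
        try:
            addr = ipaddress.ip_address(host)
        except ValueError:
            continue  # named host: not one of the two indicators raised in the thread
        owner = next((name for name, net in KNOWN_SUBNETS.items() if addr in net), None)
        findings.append(("numeric-ip-link", url, owner))
    return findings

# Subject and links copied from the forwarded message; the 203.0.113.7 line is
# constructed (TEST-NET-3 documentation range).
SUBJECT = 'size="+1">SUBJECT: Important: Password Expiration Notification - uadv.msu.edu'
BODY = """Trouble viewing this email? Click this link <http://35.9.170.43/pwordemail/instructions.htm>
Login to the UA VPN at https://gate.uadv.msu.edu
<http://35.9.170.39/service/sr.htm>
Constructed contrast case: <http://203.0.113.7/reset>
"""

if __name__ == "__main__":
    for indicator, value, owner in triage(SUBJECT, BODY):
        print(f"{indicator:16} owner={owner or 'UNKNOWN':8} {value}")
```

An owner match only says where the link points; a compromised on-campus host would match as well, so it narrows the question rather than settling it.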