>>> On 4/12/2010 at 4:28 PM, Brian Hoort <[log in to unmask]> wrote: > That is either the best spear-phish I*ve ever seen, or it*s legit. Is it > just me, or is doing this a bad idea? I would never send out a *change your > password now or you*ll be cut off!!!* email. We*ve spent over a decade > trying to teach users not to believe *give me your password, you dolt* > phishes, and so for an IT unit to do this *legitimately* reverses a decade > of effort for I think most of us here, and at other institutions World-wide. > Of the decade+ I*ve personally spent answering these *are you a > slow-learner?* emails, I*ve decided exactly zero were legit. Imagine if the > IRS even once sent out an email around tax time. The fraud would be off the > charts and it would take years to undo the damage. Many institutions have a, > *we*ll never do this, so don*t believe the phishes* statement on their site. > Please reference the first sentence from the IRS link, and the sentence in > red on page at techbase.msu.edu. And I, too, have reiterated my admonition that a legit warning having to do with MSU systems will always come from a real person, e.g., Dave Gift, me, a unit head, etc. This message was terribly worded and terribly formatted to boot. I would've just deleted it. -- Kim Geiger Information Technologist Broadcasting Services Michigan State University 517-432-3120 x 429