 |
 |
Oh, yah. Well.. Try working in music. No one here is the SLIGHTEST bit scientific... If it doesn't come on staff paper... they have problems reading it... I remember one of the first ones I saw. The subject said "MSU Mail Team". The FIRST WORDS of the body said "The Arizona State University mail team..." I must have had 25 people ask me about it the first day. Um. Really? Do ya THINK it's real? I generally take this stand: It !@#$%^ me off when they forward those to me to ask if they're legit when I've told them 115 times, and have statements on my Dept site that say, it's not real, just delete it and do not respond. So I don't wanna annoy anyone else by forwarding it for the umpteenth time. By the time I've been notified (I don't think faculty here check their mail more than once a month), I'm usually certain that someone else would have reported it. I don't get that stuff on our Exchange server here, so staff and the high ups don't ever see those. We have pretty good filtering that catches most of those. Because of the frequency of these, and how often the information in them is changing, I don't know that any amount of "reporting" is going to really help. The best defense is an active approach to educating the users. Some will learn, others will not. Just bite your tongue and politely remind them it's not real when they do ask you, again and again. Though I'd be interested in any official MSU mail team response to your inquiry. I've just been ignoring them and telling my users to do the same, and not bothering the mail team with it. But... maybe we should be passing info on? Thanks! -dak -----Original Message----- From: John Valenti [mailto:[log in to unmask]] Sent: Thursday, July 22, 2010 11:29 AM To: [log in to unmask] Subject: [MSUNAG] Phishing response? hi, I was just curious if there is a consensus on what IT people should be doing for phishing attempts? (mostly for emails that my faculty/staff report to me, or forward and ask if it is legitimate) 1. suggest they report it themselves 2. work with them to obtain headers and report it personally 3. respond directly to faculty/staff, but don't bother reporting 4. something else? I usually do #1 or #3, depending on how good the attempt is. But sometimes I'm surprised by how amateurish the messages are, and still people will ask if it is legitimate. thanks -John ------------------------------------------------------- This message is only for the intended recipient(s). If you are not the named recipient you should not read, distribute or copy this email. Any views or opinions expressed in this email are those of the author and do not represent those of Michigan State University or the College of Music. Any information obtained from or contained in these emails is confidential. No information will be shared or given to any persons outside of the appropriate department(s).