Print

Print


Contact Katherine Ball: she has some absolutely wonderful posters about
phishing that can be put up all over the place...while they are
primarily targeting students, hopefully others will realize that this
pertains to them as well.  We are putting them up in the student labs
and on our doors and every place else we can think of where people might
get a hint...

-----Original Message-----
From: Aldrich, Dak [mailto:[log in to unmask]] 
Sent: Thursday, July 22, 2010 11:44 AM
To: [log in to unmask]
Subject: Re: [MSUNAG] Phishing response?

Oh, yah. Well.. Try working in music.  No one here is the SLIGHTEST bit
scientific...  If it doesn't come on staff paper... they have problems
reading it...

I remember one of the first ones I saw.  The subject said "MSU Mail
Team".  The FIRST WORDS of the body said "The Arizona State University
mail team..."  I must have had 25 people ask me about it the first day.

Um.  Really?  Do ya THINK it's real?

I generally take this stand:

It !@#$%^ me off when they forward those to me to ask if they're legit
when I've told them 115 times, and have statements on my Dept site that
say, it's not real, just delete it and do not respond.  So I don't wanna
annoy anyone else by forwarding it for the umpteenth time.

By the time I've been notified (I don't think faculty here check their
mail more than once a month), I'm usually certain that someone else
would have reported it.  I don't get that stuff on our Exchange server
here, so staff and the high ups don't ever see those.  We have pretty
good filtering that catches most of those.

Because of the frequency of these, and how often the information in them
is changing, I don't know that any amount of "reporting" is going to
really help.  The best defense is an active approach to educating the
users.  Some will learn, others will not.  Just bite your tongue and
politely remind them it's not real when they do ask you, again and
again.

Though I'd be interested in any official MSU mail team response to your
inquiry.  I've just been ignoring them and telling my users to do the
same, and not bothering the mail team with it.  But... maybe we should
be passing info on?

Thanks!

-dak

-----Original Message-----
From: John Valenti [mailto:[log in to unmask]] 
Sent: Thursday, July 22, 2010 11:29 AM
To: [log in to unmask]
Subject: [MSUNAG] Phishing response?

hi,

I was just curious if there is a consensus on what IT people should be
doing for phishing attempts?
	(mostly for emails that my faculty/staff report to me, or
forward and ask if it is legitimate)

1. suggest they report it themselves
2. work with them to obtain headers and report it personally 3. respond
directly to faculty/staff, but don't bother reporting 4. something else?

I usually do #1 or #3, depending on how good the attempt is.
But sometimes I'm surprised by how amateurish the messages are, and
still people will ask if it is legitimate.
thanks
-John 
 

-------------------------------------------------------
This message is only for the intended recipient(s).
If you are not the named recipient you should not read,
distribute or copy this email.  Any views or opinions
expressed in this email are those of the author and do
not represent those of Michigan State University or the
College of Music.  Any information obtained from or
contained in these emails is confidential.  No
information will be shared or given to any persons
outside of the appropriate department(s).