 |
 |
If MSU were to have its own Certificate Authority, perhaps a certificate can be generated that can be used to sign emails such as these, thereby confirming its source. Firm. -----Original Message----- From: David McFarlane [mailto:[log in to unmask]] Sent: Thursday, December 22, 2011 2:27 PM To: [log in to unmask] Subject: Re: [MSUNAG] Is this legit? (was, FW: Effort Reports are ready for Your Review and Certification) Jerry, Exaclty what I try to do whenever I get one of these completely unexpected and unsolicited mass e-mails from an alleged MSU source. But infuriatingly, in many cases the message comes with no alternative identifying information, thus stymieing any effort to verify its legitimacy. At least this example had a live phone number, although as you point out any phone number in an e-mail could also be spoofed. So if I may generalize this discussion, what could one do now with an alleged "MSU" message when it gives no clue of how to check on its authenticity? Especially when the message requires some online action and cannot just be ignored? In the long run, of course we need to start by educating those who produce these e-mails about how to be considerate of those who take security seriously. Beyond that, we need some established protocol through which recipients can readily verify the authenticity of alleged MSU mass communications; even better, we need some way to digitally sign such communications and thus provide the required authentication. -- dkm At 12/22/2011 12:02 PM Thursday, Jerry McAllister wrote: >On Thu, Dec 22, 2011 at 11:44:29AM -0500, Brian Baer wrote: > > > For what is worth -- when I did this yesterday I remember there > > being one screen where you can click on an account number or click > > on your name. In my case clicking on my name took me to the right > > place while clicking on the account number did bring me to a place > > that looks like I could change data that I don't think I should be able to change. > >The trick with these things that seem suspicious is to not go to the >links or call the phone numbers they give in the spam message. >Instead, go outside of the Email message and find the number or address >of the office or business independantly from the message and check it >out. If you only rely on what is in the message, it can very likely >be part of the scam, if it is a scam. > >In general, solicitation messages that include URLs to click on or >phone numbers to call should be considered suspicious and warrant at >least ignoring or contacting via means outside of the message. > >////jerry > > > > > > > > Brian Baer > > > > On 12/22/11 11:22 AM, Thomas P. Carter wrote: > > > > > >When I logged on (I need to fill this out as I???m a Specialist), I > > >am presented with completely erroneous info, am asked to certify > > >effort for someone I???ve never heard of, and am associated with > > >grants from different colleges that I have nothing to do with. > > >Nothing seems to actually relate to ME. I called the number and left a voice mail??? > > > > > >*Thomas P. Carter, Ph.D.* > > >Department of Chemistry > > >Michigan State University > > >East Lansing, MI 48824-1322 > > > > > >*From:*Charlot, Firmin [mailto:[log in to unmask]] > > >*Sent:* Thursday, December 22, 2011 8:41 AM > > >*To:* [log in to unmask] > > >*Subject:* Re: [MSUNAG] Is this legit? (was, FW: Effort Reports are > > >ready for Your Review and Certification) > > > > > >Apparently so, a colleague forwarded a similar message to me and > > >eventually got confirmation. You can confirm it as well by calling > > >the number at the end of the message which appears to be an MSU number. > > > > > >Happy Holidays! > > > > > >Firm. > > > > > >*From:*Al Puzzuoli [mailto:[log in to unmask]] > > ><mailto:[mailto:[log in to unmask]]> > > >*Sent:* Thursday, December 22, 2011 8:04 AM > > >*To:* [log in to unmask] <mailto:[log in to unmask]> > > >*Subject:* [MSUNAG] Is this legit? (was, FW: Effort Reports are > > >ready for Your Review and Certification) > > > > > >A colleague forwarded the below message to me. She was confused as > > >to what this is or whether it???s even legit: > > > > > >Thanks, > > > > > >Al > > > > > >*From:*[log in to unmask] > > ><mailto:[log in to unmask]> > > >[mailto:[log in to unmask]] > > ><mailto:[mailto:[log in to unmask]]> > > >*Sent:* Wednesday, December 21, 2011 3:54 PM > > >*To:* > > >*Subject:* Effort Reports are ready for Your Review and > > >Certification > > > > > >You are receiving this email because you have been paid from, or > > >cost shared on a restricted sponsored project account (i.e., most > > >Federal and State accounts). Effort Reports are required to > > >document salary charges and cost share on Federal and State funded > > >projects and for those agencies that require cost sharing. If the > > >effort reports are not completed, the related salary and cost > > >sharing will have to be removed from the account. In an effort to > > >simplify this process as much as possible, the effort reports are > > >now electronic (to be completed through CGA???s website) and > > >include a department contact to answer your questions. Please > > >click on the link below and sign in to view your effort reporting > > >portal. Click ???My Effort??? to view your effort report. Please > > >record the percentage effort worked in the red > > >box(es) for the period identified above, and then click the > > >certification button at the bottom of the effort report. > > > > > >Link to access your effort reporting portal: > > >http://cga.msu.edu/PL/Portal/Portal.aspx > > > > > >If you have additional individuals listed on your effort reporting > > >portal, you have been delegated to certify their effort report in > > >addition to your own (ex. You are a PI and you have graduate > > >students working for you on a restricted sponsored account). > > >Please click on their name(s) and complete the red box(es), then > > >click the certification button at the bottom. > > > > > >*Please ensure your effort report and any delegated effort reports > > >have been certified by December 31, 2011, if possible, or January > > >16, 2012, if necessary. We apologize for the tight turnaround and > > >appreciate your help and patience as we implement this new system!* > > > > > >For Frequently Asked Questions on Effort Reporting please click the > > >link below: > > > > > >http://www.cga.msu.edu/PL/Portal/DocumentViewer.aspx?cga=aQBkAD0AMQ > > >A0ADcA > > > > > >If you have questions, please contact your effort reporting > > >administrator (listed at the top of your effort report), email > > >[log in to unmask] <mailto:[log in to unmask]>, > > >or call CGA at 517-884-4235.