LISTSERV 16.0 - MSUNAG Archives

I'm guessing his research is going to be a little skewed now that we've all
been clicking on the link :).

On Fri, Oct 28, 2016 at 3:50 PM, Esther V. V. Reed <[log in to unmask]> wrote:

> MSU's Office of Regulatory Affairs confirmed to me this afternoon that the
> email "Re-validate your mailbox" (the one with the benign link) is part of
> Dr. Richard Wash's project and did have IRB approval (even though that was
> not stated on the target webpage).  ORA waived consent of users because the
> researcher wanted recipients to believe it was real.
>
> If you or your users wish to provide feedback or explain any concerns /
> frustations, you may email ORA at [log in to unmask]
>
> ~ Esther
>
> Esther V. V. Reed
> IT Systems Administrator
> MSU Dept of Physics and Astronomy
> [log in to unmask]
>
> -----Original Message-----
> From: David McFarlane [mailto:[log in to unmask]]
> Sent: Thursday, October 27, 2016 5:22 PM
> To: [log in to unmask]
> Subject: Re: [MSUNAG] Email Phishing
>
> Hmm, OK, so if I get a legitimate looking e-mail from an MSU address that
> says someone with an IP address in Cairo tried to log in to my account
> (that is what my message said), and it has a link that goes to
> msu-itservices.com (instead of msu.edu), am I supposed to follow the link
> or not?  Or just phone the Help Desk, like I did?  What exactly is MSU ITS
> trying to train us to do?
>
> -- dkm
>
>
> On 2016-10-27 5:01 PM, Kim Geiger wrote:
> > It's a redirect to MSU:
> >
> > http://www.drlinkcheck.com/results/ab7fb5
> >
> >
> >
> >
> >>>> "Plemmons, Steve" <[log in to unmask]> 10/27/2016 3:44 PM >>>
> > The one that someone in my department alerted me to sounds to be almost
> exactly like yours, but the link was not to an ITS address.  It was a link
> that included the domain msu-itservices.com.  Are you suggesting that
> this IS an MSU ITS domain or does it forward to itservices.msu.edu?  I'm
> not interested in clicking on it to find out.
> >
> > Thanks,
> >
> > Steve Plemmons
> > Director of IT
> > Department of Mathematics
> > Michigan State University
> > [log in to unmask]
> > 517-353-4673
> >
> > -----Original Message-----
> > From: Kim Geiger [mailto:[log in to unmask]]
> > Sent: Thursday, October 27, 2016 3:28 PM
> > To: [log in to unmask]
> > Subject: Re: [MSUNAG] Email Phishing
> >
> > Well, it does seem like someone at MSU decided to see how many suckers
> they could catch on campus.
> > I pay so little attention to such messages that I barely noticed that I
> received one that said, "Someone attempted to sign into your email account (
> [log in to unmask]) with random incorrect passwords from (IP: 207.73.216.41
> in Cairo, Egypt)"  and that I should click on a link.  The rest of the
> message seemed like it was trying to pretend to use weird spammy syntax,
> but didn't really succeed in the fakery.
> > The link was to an ITS page.  Email headers show it to be from an ITS
> address and a campus ip number Am I the only one who thinks this is just
> ....uncool?  For one thing, it caused some user consternation, and at least
> one person was unproductive while we scanned her machine for potential
> nasties because she reported she'd clicked on a phishing link ("because
> this one looked so real").
> > Second, it makes everyone who received it experimental subjects without
> our permission.  A no no no.
> > Third, it's ITS again doing something without telling us about it and
> making life harder for reasons that, in this instance, are hard to fathom
> -- So, they found out that some people will click on phishing links?  My,
> what a unique insight.
> >
> >
> > Kim Geiger
> > WKAR Radio & Television, WKAR.org
> > East Lansing, Michigan
> > 517-884-4766
> >
> >
> >
> >>>> Kim Geiger <[log in to unmask]> 10/26/2016 2:09 PM >>>
> > I also had a user fall for this one.  How do you know the link is
> "benign"??
> >
> > Kim Geiger
> > WKAR Radio & Television, WKAR.org
> > East Lansing, Michigan
> > 517-884-4766
> >
> >
> >
> >>>> Gary Schrock <[log in to unmask]> 10/26/2016 11:10 AM >>>
> > I had someone forward me one yesterday that it turns out when I go
> > back and check the link out it indeed takes one to a page along those
> > lines.  I thought it was a little interesting that by the time I had
> > responded to my user about it that it wasn't being blocked by msu yet,
> > since they normally start blocking things pretty quick.
> >
> > Not sure I'm a big fan of this myself.  Not the least of which at the
> > minimum, it ultimately means more work for me, since I invariably will
> > get people forwarding the various phishing emails to me asking if
> > they're legit.  And of course, if that link was personalized to the
> > recipient (which is quite possible considering the long string of
> > seemingly random characters in it), they'll now think that that person
> > followed it, when it was actually me when investigating.
> >
> > On Wed, Oct 26, 2016 at 10:59 AM, James Sprague <[log in to unmask]>
> wrote:
> >
> >> Just a thought here, but has anyone else seen an increase in email
> >> phishing from MSU related domains? My friend had a user click on it
> >> the other day and said when you went the link it showed an MSU page
> >> saying something along the lines of you've been phished and was
> completely benign.
> >> Additionally, he looked at the root of site and it went to some
> >> Symantec login page. I'm wondering if campus is using
> >> https://www.symantec.com/
> >> services/cyber-security-services/cyber-skills-
> >> development/phishing-readiness and just hasn't told the rest of the
> >> IT community.
>