I'm guessing his research is going to be a little skewed now that we've all been clicking on the link :). On Fri, Oct 28, 2016 at 3:50 PM, Esther V. V. Reed <[log in to unmask]> wrote: > MSU's Office of Regulatory Affairs confirmed to me this afternoon that the > email "Re-validate your mailbox" (the one with the benign link) is part of > Dr. Richard Wash's project and did have IRB approval (even though that was > not stated on the target webpage). ORA waived consent of users because the > researcher wanted recipients to believe it was real. > > If you or your users wish to provide feedback or explain any concerns / > frustations, you may email ORA at [log in to unmask] > > ~ Esther > > Esther V. V. Reed > IT Systems Administrator > MSU Dept of Physics and Astronomy > [log in to unmask] > > -----Original Message----- > From: David McFarlane [mailto:[log in to unmask]] > Sent: Thursday, October 27, 2016 5:22 PM > To: [log in to unmask] > Subject: Re: [MSUNAG] Email Phishing > > Hmm, OK, so if I get a legitimate looking e-mail from an MSU address that > says someone with an IP address in Cairo tried to log in to my account > (that is what my message said), and it has a link that goes to > msu-itservices.com (instead of msu.edu), am I supposed to follow the link > or not? Or just phone the Help Desk, like I did? What exactly is MSU ITS > trying to train us to do? > > -- dkm > > > On 2016-10-27 5:01 PM, Kim Geiger wrote: > > It's a redirect to MSU: > > > > http://www.drlinkcheck.com/results/ab7fb5 > > > > > > > > > >>>> "Plemmons, Steve" <[log in to unmask]> 10/27/2016 3:44 PM >>> > > The one that someone in my department alerted me to sounds to be almost > exactly like yours, but the link was not to an ITS address. It was a link > that included the domain msu-itservices.com. Are you suggesting that > this IS an MSU ITS domain or does it forward to itservices.msu.edu? I'm > not interested in clicking on it to find out. > > > > Thanks, > > > > Steve Plemmons > > Director of IT > > Department of Mathematics > > Michigan State University > > [log in to unmask] > > 517-353-4673 > > > > -----Original Message----- > > From: Kim Geiger [mailto:[log in to unmask]] > > Sent: Thursday, October 27, 2016 3:28 PM > > To: [log in to unmask] > > Subject: Re: [MSUNAG] Email Phishing > > > > Well, it does seem like someone at MSU decided to see how many suckers > they could catch on campus. > > I pay so little attention to such messages that I barely noticed that I > received one that said, "Someone attempted to sign into your email account ( > [log in to unmask]) with random incorrect passwords from (IP: 207.73.216.41 > in Cairo, Egypt)" and that I should click on a link. The rest of the > message seemed like it was trying to pretend to use weird spammy syntax, > but didn't really succeed in the fakery. > > The link was to an ITS page. Email headers show it to be from an ITS > address and a campus ip number Am I the only one who thinks this is just > ....uncool? For one thing, it caused some user consternation, and at least > one person was unproductive while we scanned her machine for potential > nasties because she reported she'd clicked on a phishing link ("because > this one looked so real"). > > Second, it makes everyone who received it experimental subjects without > our permission. A no no no. > > Third, it's ITS again doing something without telling us about it and > making life harder for reasons that, in this instance, are hard to fathom > -- So, they found out that some people will click on phishing links? My, > what a unique insight. > > > > > > Kim Geiger > > WKAR Radio & Television, WKAR.org > > East Lansing, Michigan > > 517-884-4766 > > > > > > > >>>> Kim Geiger <[log in to unmask]> 10/26/2016 2:09 PM >>> > > I also had a user fall for this one. How do you know the link is > "benign"?? > > > > Kim Geiger > > WKAR Radio & Television, WKAR.org > > East Lansing, Michigan > > 517-884-4766 > > > > > > > >>>> Gary Schrock <[log in to unmask]> 10/26/2016 11:10 AM >>> > > I had someone forward me one yesterday that it turns out when I go > > back and check the link out it indeed takes one to a page along those > > lines. I thought it was a little interesting that by the time I had > > responded to my user about it that it wasn't being blocked by msu yet, > > since they normally start blocking things pretty quick. > > > > Not sure I'm a big fan of this myself. Not the least of which at the > > minimum, it ultimately means more work for me, since I invariably will > > get people forwarding the various phishing emails to me asking if > > they're legit. And of course, if that link was personalized to the > > recipient (which is quite possible considering the long string of > > seemingly random characters in it), they'll now think that that person > > followed it, when it was actually me when investigating. > > > > On Wed, Oct 26, 2016 at 10:59 AM, James Sprague <[log in to unmask]> > wrote: > > > >> Just a thought here, but has anyone else seen an increase in email > >> phishing from MSU related domains? My friend had a user click on it > >> the other day and said when you went the link it showed an MSU page > >> saying something along the lines of you've been phished and was > completely benign. > >> Additionally, he looked at the root of site and it went to some > >> Symantec login page. I'm wondering if campus is using > >> https://www.symantec.com/ > >> services/cyber-security-services/cyber-skills- > >> development/phishing-readiness and just hasn't told the rest of the > >> IT community. >