I was at home when I saw that e-mail. It looked pretty real to me, but
when I hovered over the link I saw that it did not quite go to msu
(something like www.its-msu.edu, sorry I don't have the e-mail handy any
more). So I did what I always do with almost no hesitation -- I picked
up the phone, called the MSU Help Desk and made it their problem. They
told me that they were already aware of the issue, and invited me to
forward the message to [log in to unmask], which I did.
If every one of us clogged up the phone lines at the Help Desk whenever
ITS runs this sort of scam, that might change their minds a little bit.
Just sayin'.
-- dkm
On 2016-10-27 3:28 PM, Kim Geiger wrote:
> Well, it does seem like someone at MSU decided to see how many suckers they could catch on campus.
> I pay so little attention to such messages that I barely noticed that I received one that said, "Someone attempted to sign into your email account ([log in to unmask]) with random incorrect passwords from (IP: 207.73.216.41 in Cairo, Egypt)" and that I should click on a link. The rest of the message seemed like it was trying to pretend to use weird spammy syntax, but didn't really succeed in the fakery.
> The link was to an ITS page. Email headers show it to be from an ITS address and a campus ip number
> Am I the only one who thinks this is just ....uncool? For one thing, it caused some user consternation, and at least one person was unproductive while we scanned her machine for potential nasties because she reported she'd clicked on a phishing link ("because this one looked so real").
> Second, it makes everyone who received it experimental subjects without our permission. A no no no.
> Third, it's ITS again doing something without telling us about it and making life harder for reasons that, in this instance, are hard to fathom -- So, they found out that some people will click on phishing links? My, what a unique insight.
>
>
> Kim Geiger
> WKAR Radio & Television, WKAR.org
> East Lansing, Michigan
> 517-884-4766
>
>
>
>>>> Kim Geiger <[log in to unmask]> 10/26/2016 2:09 PM >>>
> I also had a user fall for this one. How do you know the link is "benign"??
>
> Kim Geiger
> WKAR Radio & Television, WKAR.org
> East Lansing, Michigan
> 517-884-4766
>
>
>
>>>> Gary Schrock <[log in to unmask]> 10/26/2016 11:10 AM >>>
> I had someone forward me one yesterday that it turns out when I go back and
> check the link out it indeed takes one to a page along those lines. I
> thought it was a little interesting that by the time I had responded to my
> user about it that it wasn't being blocked by msu yet, since they normally
> start blocking things pretty quick.
>
> Not sure I'm a big fan of this myself. Not the least of which at the
> minimum, it ultimately means more work for me, since I invariably will get
> people forwarding the various phishing emails to me asking if they're
> legit. And of course, if that link was personalized to the recipient
> (which is quite possible considering the long string of seemingly random
> characters in it), they'll now think that that person followed it, when it
> was actually me when investigating.
>
> On Wed, Oct 26, 2016 at 10:59 AM, James Sprague <[log in to unmask]> wrote:
>
>> Just a thought here, but has anyone else seen an increase in email
>> phishing from MSU related domains? My friend had a user click on it the
>> other day and said when you went the link it showed an MSU page saying
>> something along the lines of you've been phished and was completely benign.
>> Additionally, he looked at the root of site and it went to some Symantec
>> login page. I'm wondering if campus is using https://www.symantec.com/
>> services/cyber-security-services/cyber-skills-
>> development/phishing-readiness and just hasn't told the rest of the IT
>> community.
>>
>
