It's a redirect to MSU:
http://www.drlinkcheck.com/results/ab7fb5
>>> "Plemmons, Steve" <[log in to unmask]> 10/27/2016 3:44 PM >>>
The one that someone in my department alerted me to sounds to be almost exactly like yours, but the link was not to an ITS address. It was a link that included the domain msu-itservices.com. Are you suggesting that this IS an MSU ITS domain or does it forward to itservices.msu.edu? I'm not interested in clicking on it to find out.
Thanks,
Steve Plemmons
Director of IT
Department of Mathematics
Michigan State University
[log in to unmask]
517-353-4673
-----Original Message-----
From: Kim Geiger [mailto:[log in to unmask]]
Sent: Thursday, October 27, 2016 3:28 PM
To: [log in to unmask]
Subject: Re: [MSUNAG] Email Phishing
Well, it does seem like someone at MSU decided to see how many suckers they could catch on campus.
I pay so little attention to such messages that I barely noticed that I received one that said, "Someone attempted to sign into your email account ([log in to unmask]) with random incorrect passwords from (IP: 207.73.216.41 in Cairo, Egypt)" and that I should click on a link. The rest of the message seemed like it was trying to pretend to use weird spammy syntax, but didn't really succeed in the fakery.
The link was to an ITS page. Email headers show it to be from an ITS address and a campus ip number Am I the only one who thinks this is just ....uncool? For one thing, it caused some user consternation, and at least one person was unproductive while we scanned her machine for potential nasties because she reported she'd clicked on a phishing link ("because this one looked so real").
Second, it makes everyone who received it experimental subjects without our permission. A no no no.
Third, it's ITS again doing something without telling us about it and making life harder for reasons that, in this instance, are hard to fathom -- So, they found out that some people will click on phishing links? My, what a unique insight.
Kim Geiger
WKAR Radio & Television, WKAR.org
East Lansing, Michigan
517-884-4766
>>> Kim Geiger <[log in to unmask]> 10/26/2016 2:09 PM >>>
I also had a user fall for this one. How do you know the link is "benign"??
Kim Geiger
WKAR Radio & Television, WKAR.org
East Lansing, Michigan
517-884-4766
>>> Gary Schrock <[log in to unmask]> 10/26/2016 11:10 AM >>>
I had someone forward me one yesterday that it turns out when I go back and
check the link out it indeed takes one to a page along those lines. I
thought it was a little interesting that by the time I had responded to my
user about it that it wasn't being blocked by msu yet, since they normally
start blocking things pretty quick.
Not sure I'm a big fan of this myself. Not the least of which at the
minimum, it ultimately means more work for me, since I invariably will get
people forwarding the various phishing emails to me asking if they're
legit. And of course, if that link was personalized to the recipient
(which is quite possible considering the long string of seemingly random
characters in it), they'll now think that that person followed it, when it
was actually me when investigating.
On Wed, Oct 26, 2016 at 10:59 AM, James Sprague <[log in to unmask]> wrote:
> Just a thought here, but has anyone else seen an increase in email
> phishing from MSU related domains? My friend had a user click on it the
> other day and said when you went the link it showed an MSU page saying
> something along the lines of you've been phished and was completely benign.
> Additionally, he looked at the root of site and it went to some Symantec
> login page. I'm wondering if campus is using https://www.symantec.com/
> services/cyber-security-services/cyber-skills-
> development/phishing-readiness and just hasn't told the rest of the IT
> community.
>
