Educause Security Discussion mailing list archives
Re: Groupspaces...is it social engineering or a desired campus server.
From: "Lang, Matthew" <mlang8 () UNCC EDU>
Date: Mon, 29 Aug 2011 16:23:00 +0000
Wayne, I have a quick question for you are you using a cloud based e-mail solution for your students? Also have you requested any measurements from your IT e-mail group how many e-mails from groupspaces.com have you seen? Just trying to understand the magnitude of the potential issue. I.E did the spam the entire student e-mail directory, or a subset? Your e-mail implies it to be a subset of dorm room floor officers. Thanks Matthew From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Hauber, Wayne [ITSEC] Sent: Monday, August 29, 2011 11:40 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Groupspaces...is it social engineering or a desired campus server. I have questions about Groupspaces.com. It appears to be an organization that aggressively markets its services to student organizations. They found a way to mine lists of student organization at ISU then invited the officers of ISU clubs to use their services to manage their clubs. Background: I first heard about Groupspaces from my daughter, a student at ISU, who received an e-mail from them in April 2011. The Groupspaces folks decided that she was an officer on her dorm floor and wanted her to use their services. She was never an officer on her dorm floor but *is* the daughter of a security analyst and knows enough to be concerned. We learned of other badly targeted e-mails and investigated. Our university has no contractual relationship with Groupspaces. We noticed that it has existed for a while and may be a real service. We eventually let the matter drop. On Friday, I learned that Groupspaces was sending badly targeted e-mails to students again. A counselor wondered if they were trustworthy. I investigated and notice that Groupspaces offers many services to clubs. One notable service is dues collection. Apparently, Groupspaces will handle dues collection from your members and can use paypal and credit cards for collection. I decided that I could not tell the difference between Groupspaces and some sort of elegant social engineering/phishing scheme and temporarily blocked groupspaces.com at our campus border. Questions: 1. Is anyone familiar with Groupspaces.com and can tell us more about them? 2. Are they trustworthy? 3. Has your Treasurer's office decided that Groupspaces.com can be trusted with dues collection from your students? 4. What do they charge student organizations? 5. Has your school entered into a contractual relationship with Groupspaces.com? Wayne Hauber (515) 294-9890 Iowa State University Information Technology Services IT Security and Policies 297 Durham Center, ISU, Ames, Iowa 50011 wjhauber () iastate edu<mailto:wjhauber () iastate edu>
Current thread:
- Groupspaces...is it social engineering or a desired campus server. Hauber, Wayne [ITSEC] (Aug 29)
- Re: Groupspaces...is it social engineering or a desired campus server. Lang, Matthew (Aug 29)
- Re: Groupspaces...is it social engineering or a desired campus server. Hauber, Wayne [ITSEC] (Aug 29)
- Re: Groupspaces...is it social engineering or a desired campus server. Steve Kuchta (Aug 29)
- Re: Groupspaces...is it social engineering or a desired campus server. Tonkin, Derek K. (Aug 29)
- Re: Groupspaces...is it social engineering or a desired campus server. Lang, Matthew (Aug 29)