Educause Security Discussion mailing list archives
Re: Tips for using third party survey providers
From: Ronald King <ronald.king () MORGAN EDU>
Date: Wed, 4 Apr 2018 11:07:43 -0400
We also provide copies on our website and encourage other departments to do the same. Ron *Ronald A. King, CISSP* Chief Information Security Officer Morgan State University Office: (443) 885-3372 1700 E. Cold Spring Ln. Email: ronald.king () morgan edu Baltimore, MD 21251 URL: http://www.morgan.edu *Growing the future ... Leading the world* <http://www.morgan.edu/Documents/ABOUT/StrategicPlan/StrategicPlan2011-21_Final.pdf> On Thu, Mar 15, 2018 at 9:21 AM, Laura Raderman <lraderman () cmu edu> wrote:
We *always* include a URL (not specifically linked where we can prevent it) to a trusted cmu.edu site (which site depends on which department is sending the message) that includes an exact copy of the message, or as close as we can get (for messages that have recipient specific information) Example: ***To verify the authenticity of this message, visit https://urldefense.proofpoint.com/v2/url?u=https-3A__www. cmu.edu_iso_news_ncsam-2Dmassmail.html&d=DwIGaQ&c= 0CCt47_3RbNABITTvFzZbA&r=hF9utfnfkGfY793x81M4Gr0nwxs9KYTZ6TUPUh4wPjs&m= H8SID1VMhRncCiDskzs6s0KeGPqrTvjzfQcunmp8Q0E&s= 4rBagCUpdGfdkshPW3UZQlH1BntVAp2tv3BthgmjN0w&e= *** Note: Your mail reader may have converted the authenticity URL above to be a clickable link. Depending on your device/mail reader, you can check the actual destination of a clickable link by hovering your mouse over the link, "right-clicking" on the link, or tap and holding the link. ——————— If we were sending from a 3rd party, the message would include a description of what the mail was, who sent it, why, etc. We also encourage folks using such services to send to themselves first to make sure the message doesn’t sound/look too spammy. We had one department (a large one on campus that many students, staff, and faculty interact with) send out a mail advertising “Win a free month of X” and we got *many* many spam reports about it (it was legitimate). Laura Raderman ISO Policy & Compliance Coordinator Carnegie Mellon University lraderman () cmu eduOn Mar 15, 2018, at 7:47 AM, Scott Stoops <sstoops () ASHLAND EDU> wrote:We recently sent out an email to our students that contained links to asurvey we wanted them to complete. The email had several pieces of information, such as actual contact information, to validate that this was a legitimate email. With an increased awareness on phishing, some of our students questioned the email and reported it as a possible phishing attempt.Like everyone, we are walking a sometimes fine line between encouragingpeople to not click on links from unexpected emails and still getting them to interact when an email is legitimate. What are folks doing either within the email communications themselves or in addition to the emails to indicate that these kinds of things are legitimate?One suggestion we had was to include our logo in the email but not allvendors will allow this.--Scott StoopsSecurity Analyst IIOffice of Information Technology | 100 Patterson Technology CenterAshland, OH 44805(w) 419-289-5405sstoops () ashland edu
Current thread:
- Re: Tips for using third party survey providers Ronald King (Apr 04)