Re: Tips for using third party survey providers

[Ronald King <ronald.king () MORGAN EDU>]

We also provide copies on our website and encourage other departments to do
the same.

Ron

*Ronald A. King, CISSP*
Chief Information Security Officer
Morgan State University Office: (443) 885-3372
1700 E. Cold Spring Ln. Email: ronald.king () morgan edu
Baltimore, MD 21251 URL: http://www.morgan.edu

*Growing the future ... Leading the world*
<http://www.morgan.edu/Documents/ABOUT/StrategicPlan/StrategicPlan2011-21_Final.pdf>


On Thu, Mar 15, 2018 at 9:21 AM, Laura Raderman <lraderman () cmu edu> wrote:

> We *always* include a URL (not specifically linked where we can prevent
> it) to a trusted cmu.edu site (which site depends on which department is
> sending the message) that includes an exact copy of the message, or as
> close as we can get (for messages that have recipient specific information)
>
>
>
> Example:
>
>
>
> ***To verify the authenticity of this message, visit
> https://urldefense.proofpoint.com/v2/url?u=https-3A__www.
> cmu.edu_iso_news_ncsam-2Dmassmail.html&d=DwIGaQ&c=
> 0CCt47_3RbNABITTvFzZbA&r=hF9utfnfkGfY793x81M4Gr0nwxs9KYTZ6TUPUh4wPjs&m=
> H8SID1VMhRncCiDskzs6s0KeGPqrTvjzfQcunmp8Q0E&s=
> 4rBagCUpdGfdkshPW3UZQlH1BntVAp2tv3BthgmjN0w&e= ***
>
>
>
>  Note:  Your mail reader may have converted the authenticity URL above to
> be a clickable link.  Depending on your device/mail reader, you can check
> the actual destination of a clickable link by hovering your mouse over the
> link, "right-clicking" on the link, or tap and holding the link.
>
>
>
> ———————
>
>
>
> If we were sending from a 3rd party, the message would include a
> description of what the mail was, who sent it, why, etc.  We also encourage
> folks using such services to send to themselves first to make sure the
> message doesn’t sound/look too spammy.  We had one department (a large one
> on campus that many students, staff, and faculty interact with) send out a
> mail advertising “Win a free month of X” and we got *many* many spam
> reports about it (it was legitimate).
>
>
>
>
>
> Laura Raderman
>
> ISO Policy & Compliance Coordinator
>
> Carnegie Mellon University
>
> lraderman () cmu edu
>
>
>
> > On Mar 15, 2018, at 7:47 AM, Scott Stoops <sstoops () ASHLAND EDU> wrote:
>
> >
>
> > We recently sent out an email to our students that contained links to a
> survey we wanted them to complete. The email had several pieces of
> information, such as actual contact information, to validate that this was
> a legitimate email. With an increased awareness on phishing, some of our
> students questioned the email and reported it as a possible phishing
> attempt.
>
> >
>
> > Like everyone, we are walking a sometimes fine line between encouraging
> people to not click on links from unexpected emails and still getting them
> to interact when an email is legitimate. What are folks doing either within
> the email communications themselves or in addition to the emails to
> indicate that these kinds of things are legitimate?
>
> >
>
> > One suggestion we had was to include our logo in the email but not all
> vendors will allow this.
>
> > --
>
> > Scott Stoops
>
> > Security Analyst II
>
> > Office of Information Technology | 100 Patterson Technology Center
>
> > Ashland, OH 44805
>
> > (w) 419-289-5405
>
> > sstoops () ashland edu
>
> >