Educause Security Discussion mailing list archives
Re: strange campus "surveys"
From: "Pace, Guy" <gpace () CIS CTC EDU>
Date: Fri, 8 Feb 2008 11:22:09 -0800
Well, all the domains are owned by: Tech Organization:NameCheap.com Tech Street1:8939 S. Sepulveda Blvd. #110 - Tech Street2:732 Tech Street3: Tech City:Westchester Tech State/Province:CA Tech Postal Code:90045 Tech Country:US Tech Phone:+1.6613102107 Tech Phone Ext.: Registrant Contact: NameCheap.com NameCheap.com NameCheap.com (support () NameCheap com) +1.6613102107 Fax: +1.6613102107 8939 S. Sepulveda Blvd. #110 - 732 Westchester, CA 90045 US Sounds like one of those sleazy outfits that try to build sites that look like your school, but just used to lure students in and inundate them with loan come-ons and credit card scams. The email is probably a first pass recruiting tool. Once they get students to bite, they then turn those students into recruiters or "opinion leaders." Yeah, the BS meter should be pegged hard 'bout now. I would treat it like any other SPAM and filter it. Guy L. Pace, CISSP Security Administrator Center for Information Services (CIS) 3101 Northup Way, Suite 100 Bellevue, WA 98004 425-803-9724 gpace () cis ctc edu From: John Quigley [mailto:jquigley () TENNESSEE EDU] Sent: Friday, February 08, 2008 10:58 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] strange campus "surveys" All, Our users have been receiving messages asking for their participation in a survey. In most cases I've seen, the content of the email and the linked survey are similar but the domain names are different. After I saw the first of these, my impression was that this was some student-run company trying to bootstrap their market research by soliciting feedback from potential customers. The "About our project" link on the web pages supports this theory. After the examples started to pour in, though, I'm afraid something else might be going on. If the surveys asked for sensitive information (account information, passwords, identifiers, etc), I would have this pigeonholed as classic phishing, but the survey only asks for information related to the user's preferences regarding IM, text messages, social networking, etc. In this regard it seems like a regular survey. I'm concerned as to why there are so many variants of this. Could it be that 10 or more legitimate startups are using the same email and web templates to solicit the same information from the same people in a short spam of time? Maybe, but my BS-meter is pegged right now. Perhaps it's a drive-by browser attack. Because of that possibility, visiting the following links is not necessarily recommended without taking precautions. Surfer beware. Below are some links we've seen in these emails and examples of 3 variants. If anyone has figured this one out, please contact me on or off list. http://www.CampusOpinion.org/mem/b_1969307 http://www.IdealCampus.org/mem/d_2122123 http://www.CollegeBody.org/mem/a_1724126<http://www.collegebody.org/mem/a_1724126> http://www.PollBoard.org/mem/a_757732<http://www.pollboard.org/mem/a_757732> http://www.CampusInput.org/mem/e_41883<http://www.campusinput.org/mem/e_41883> http://www.SocialCampus.org/mem/f_1214130 http://www.CollegeInput.org/mem/b_1214130 ========================================================================== This year, the PollBoard.org project is working on establishing new social and academic web systems for students and faculty on campus. The goal is to make academic life easier and give students better access to more resources. We have put together a few questions regarding features you may like to see implemented. Please take the time to visit the brief survey page on the website below to give us your feedback. Thank you for your help! http://www.PollBoard.org/mem/a_757732 A few times a year, brief survey requests are sent to students and faculty. If you do not wish to help us in the future, please let us know: http://www.PollBoard.org/web.php =========================================================================== As we move forward with more useful online systems for both students and faculty, we would like to get your feedback. Please take a moment to fill out a brief (12 question) online survey to help us understand the demands of the campus better. All responses will be carefully considered in our upcoming web software release. Thank you for your help! http://www.SocialCampus.org/mem/f_1214130 A few times a year, brief survey requests are sent to students and faculty. If you do not wish to help us in the future, please let us know: http://www.SocialCampus.org/web.php =========================================================================== This semester, we have begun working on new web systems to better assist students and faculty with communication and academic resources. Some of the work has already started; however, we need your input! Please take a minute or so to answer a few insightful questions. Your input will be used for our future releases. Thanks again! http://www.CollegeInput.org/mem/b_1214130 Once again, thank you for your help. If you do not wish to provide feedback in the future, please tell us: http://www.CollegeInput.org/web.php =========================================================================== -- John Quigley Security Infrastructure Team Lead Information Security Office University of Tennessee jquigley () tennessee edu<mailto:jquigley () tennessee edu> (865) 974-1591
Current thread:
- strange campus "surveys" John Quigley (Feb 08)
- <Possible follow-ups>
- Re: strange campus "surveys" Pace, Guy (Feb 08)
- Re: strange campus "surveys" Julian J Thompson (jthmpsn2) (Feb 08)