Educause Security Discussion mailing list archives

Re: phishing irony


From: Paul Crittenden <paul.crittenden () SIMPSON EDU>
Date: Thu, 12 Feb 2009 09:09:54 -0600

I had the same thing happen to me. I now do not send any kind of
example. I just remind them that we will never ask for a username or
password via email. Some folks are learning as I get a lot of them
forwarded to me to let me know and a lot of inquiries at least asking
about them.

Paul Crittenden
Computer Systems Manager
Simpson College
Phone: 515-961-1680
Email: paul.crittenden () simpson edu
-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of SECURITY automatic
digest system
Sent: Wednesday, February 11, 2009 11:00 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: SECURITY Digest - 10 Feb 2009 to 11 Feb 2009 (#2009-36)

Date:    Wed, 11 Feb 2009 08:47:53 -0600
From:    "Tupker, Mike" <mtupker () MTMERCY EDU>
Subject: Re: phishing irony

I may be too cynical but just adding the warning won't help to "alert"
users that it is a spam message. A good chunk of users will just ignore
certain parts of an email and go straight to the questions that the email
is asking.

I sent out a warning to our campus yesterday with an example of an email
to watch out for and actually got responses with login information. It was
a very sad day for me.

Mike Tupker
Systems Administrator
Mount Mercy College
Office: (319) 363-1323 x1401
Mobile: (319) 538-1644
If you need assistance with a computer issue please contact the
helpdesk at x4357 or http://help.mtmercy.edu.

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jesse Thompson
Sent: Wednesday, February 11, 2009 8:15 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] phishing irony

Ah, good call.  The message went through another EDU mail server first,
which appears to have added the warning.

It fooled me :-)  I thought it was an attempt by the phisher to diffuse
the users' perception of risk.

Adding the warning might not be a bad idea, but I think that it should
state that the warning was added to the message after it was sent.

  Warning: the content of this message indicates that it might be
  an attempt to steal your private information.

  PHISHING: Legitimate organizations NEVER ask for your SSN, password,
  account number, or other personal data.  Do NOT ever provide such
  information to anyone via email.

Jesse

Dan Oachs wrote:
Is there any chance that someone's outbound mailserver added that to the
top of the message as a warning?  Would be an interesting idea but
probably would not stop many users from responding with their password
anyway :)

--Dan

Jesse Thompson wrote:
I found a phish message today with the following at the top of the
message:


PHISHING: Legitimate organizations NEVER ask for your SSN, password,
account number, or other personal data.  Do NOT ever provide such
information to anyone via email.


It was then followed by the usual request to reply to the @live.com
address with account credentials.

I can't figure out if the phishers are being stupid or genius.

Jesse


--
   Jesse Thompson
   Division of Information Technology, University of Wisconsin-Madison
   Email/IM: jesse.thompson () doit wisc edu
