Educause Security Discussion mailing list archives
Re: phishing irony
From: Paul Crittenden <paul.crittenden () SIMPSON EDU>
Date: Thu, 12 Feb 2009 09:09:54 -0600
I had the same thing happen to me. I now do not send any kind of example. I just remind them that we will never ask for a username or password via email. Some folks are learning as I get a lot of them forwarded to me to let me know and a lot of inquiries at least asking about them. Paul Crittenden Computer Systems Manager Simpson College Phone: 515-961-1680 Email: paul.crittenden () simpson edu -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of SECURITY automatic digest system Sent: Wednesday, February 11, 2009 11:00 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: SECURITY Digest - 10 Feb 2009 to 11 Feb 2009 (#2009-36) Date: Wed, 11 Feb 2009 08:47:53 -0600 From: "Tupker, Mike" <mtupker () MTMERCY EDU> Subject: Re: phishing irony I may be too cynical but just adding the warning won't help to "alert" user= s that it is a spam message. A good chunk of users will just ignore certain= parts of an email and go straight to the questions that the email is askin= g. I sent out a warning to our campus yesterday with an example of an email to= watch out for and actually got responses with login information. It was ve= ry sad day for me. Mike Tupker Systems Administrator Mount Mercy College Office: (319) 363-1323 x1401 Mobile: (319) 538-1644 If you need assistance with an computer issue please contact the helpdesk a= t x4357 or http://help.mtmercy.edu. -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY@LIS= TSERV.EDUCAUSE.EDU] On Behalf Of Jesse Thompson Sent: Wednesday, February 11, 2009 8:15 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] phishing irony Ah, good call. The message went through another EDU mail server first,=20 which appears to have added the warning. It fooled me :-) I thought it was an attempt by the phisher to diffuse=20 the users' perception of risk. Adding the warning might not be a bad idea, but I think that it should=20 state that the warning was added to the message after it was sent. Warning: the content of this message indicates that it might be an attempt to steal your private information. PHISHING: Legitimate organizations NEVER ask for your SSN, password, account number, or other personal data. Do NOT ever provide such information to anyone via email. Jesse Dan Oachs wrote:
Is there any chance that someones outbound mailserver added that to
the=20
top of the message as a warning? Would be an interesting idea but=20 probably would not stop many users from responding with their
password=20
anyway :) =20 --Dan =20 =20 Jesse Thompson wrote:I found a phish message today with the following at the top of the=20 message: PHISHING: Legitimate organizations NEVER ask for your SSN, password, account number, or other personal data. Do NOT ever provide such information to anyone via email. It was then followed by the usual request to reply to the
@live.com=20
address with account credentials. I can't figure out if the phishers are being stupid or genius. Jesse
--=20 Jesse Thompson Division of Information Technology, University of Wisconsin-Madison Email/IM: jesse.thompson () doit wisc edu
Current thread:
- phishing irony Jesse Thompson (Feb 11)
- <Possible follow-ups>
- Re: phishing irony Dan Oachs (Feb 11)
- Re: phishing irony Jesse Thompson (Feb 11)
- Re: phishing irony Tupker, Mike (Feb 11)
- Re: phishing irony Pace, Guy (Feb 11)
- Re: phishing irony Mike Porter (Feb 11)
- Re: phishing irony Gary Flynn (Feb 11)
- Re: phishing irony Paul Crittenden (Feb 12)
- Re: phishing irony Ozzie Paez (Feb 12)
- Re: phishing irony HALL, NATHANIEL D. (Feb 12)
- Re: phishing irony Pete Hickey (Feb 12)
- Re: phishing irony Matthew Gracie (Feb 12)
- Re: phishing irony Valdis Kletnieks (Feb 12)
- Re: phishing irony Gary Flynn (Feb 13)
- Re: phishing irony James (Feb 13)
- Re: phishing irony Ozzie Paez (Feb 13)
- Re: phishing irony Falcon, Patricia (Feb 13)
- Re: phishing irony HALL, NATHANIEL D. (Feb 13)
(Thread continues...)