Educause Security Discussion mailing list archives
Re: Groupspaces...is it social engineering or a desired campus server.
From: "Hauber, Wayne [ITSEC]" <wjhauber () IASTATE EDU>
Date: Mon, 29 Aug 2011 15:12:49 -0500
Wayne Hauber (515) 294-9890 Iowa State University Information Technology Services IT Security and Policies 297 Durham Center, ISU, Ames, Iowa 50011 wjhauber () iastate edu<mailto:wjhauber () iastate edu> From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Lang, Matthew Sent: Monday, August 29, 2011 11:23 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Groupspaces...is it social engineering or a desired campus server. Wayne, I have a quick question for you are you using a cloud based e-mail solution for your students? Our student e-mail solution is gmail. Also have you requested any measurements from your IT e-mail group how many e-mails from groupspaces.com have you seen? No, I have not counted how many e-mails were sent to campus. Just trying to understand the magnitude of the potential issue. I.E did the spam the entire student e-mail directory, or a subset? Your e-mail implies it to be a subset of dorm room floor officers. It appears that someone researched student organizations and learned the names of the mail lists that they use. The e-mails went to the mail lists. At that point, the mail went to the members of the student organizations. We are beginning to research groupspaces. They appear to be legitimate. Their marketing is terribly aggressive. While I could not recommend groupspaces.com to any student group, it appears that I will have to relent and unblock them at our campus border. What I really am asking has nothing to do with their marketing methods. I want to know if they are trustworthy. Wayne Hauber Thanks Matthew From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU]<mailto:[mailto:SECURITY () LISTSERV EDUCAUSE EDU]> On Behalf Of Hauber, Wayne [ITSEC] Sent: Monday, August 29, 2011 11:40 AM To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU> Subject: [SECURITY] Groupspaces...is it social engineering or a desired campus server. I have questions about Groupspaces.com. It appears to be an organization that aggressively markets its services to student organizations. They found a way to mine lists of student organization at ISU then invited the officers of ISU clubs to use their services to manage their clubs. Background: I first heard about Groupspaces from my daughter, a student at ISU, who received an e-mail from them in April 2011. The Groupspaces folks decided that she was an officer on her dorm floor and wanted her to use their services. She was never an officer on her dorm floor but *is* the daughter of a security analyst and knows enough to be concerned. We learned of other badly targeted e-mails and investigated. Our university has no contractual relationship with Groupspaces. We noticed that it has existed for a while and may be a real service. We eventually let the matter drop. On Friday, I learned that Groupspaces was sending badly targeted e-mails to students again. A counselor wondered if they were trustworthy. I investigated and notice that Groupspaces offers many services to clubs. One notable service is dues collection. Apparently, Groupspaces will handle dues collection from your members and can use paypal and credit cards for collection. I decided that I could not tell the difference between Groupspaces and some sort of elegant social engineering/phishing scheme and temporarily blocked groupspaces.com at our campus border. Questions: 1. Is anyone familiar with Groupspaces.com and can tell us more about them? 2. Are they trustworthy? 3. Has your Treasurer's office decided that Groupspaces.com can be trusted with dues collection from your students? 4. What do they charge student organizations? 5. Has your school entered into a contractual relationship with Groupspaces.com? Wayne Hauber (515) 294-9890 Iowa State University Information Technology Services IT Security and Policies 297 Durham Center, ISU, Ames, Iowa 50011 wjhauber () iastate edu<mailto:wjhauber () iastate edu>
Current thread:
- Groupspaces...is it social engineering or a desired campus server. Hauber, Wayne [ITSEC] (Aug 29)
- Re: Groupspaces...is it social engineering or a desired campus server. Lang, Matthew (Aug 29)
- Re: Groupspaces...is it social engineering or a desired campus server. Hauber, Wayne [ITSEC] (Aug 29)
- Re: Groupspaces...is it social engineering or a desired campus server. Steve Kuchta (Aug 29)
- Re: Groupspaces...is it social engineering or a desired campus server. Tonkin, Derek K. (Aug 29)
- Re: Groupspaces...is it social engineering or a desired campus server. Lang, Matthew (Aug 29)