Educause Security Discussion mailing list archives
Re: Tips for using third party survey providers
From: Laura Raderman <lraderman () CMU EDU>
Date: Thu, 15 Mar 2018 13:21:22 +0000
We *always* include a URL (not specifically linked where we can prevent it) to a trusted cmu.edu site (which site depends on which department is sending the message) that includes an exact copy of the message, or as close as we can get (for messages that have recipient specific information) Example: ***To verify the authenticity of this message, visit https://www.cmu.edu/iso/news/ncsam-massmail.html *** Note: Your mail reader may have converted the authenticity URL above to be a clickable link. Depending on your device/mail reader, you can check the actual destination of a clickable link by hovering your mouse over the link, "right-clicking" on the link, or tap and holding the link. ——————— If we were sending from a 3rd party, the message would include a description of what the mail was, who sent it, why, etc. We also encourage folks using such services to send to themselves first to make sure the message doesn’t sound/look too spammy. We had one department (a large one on campus that many students, staff, and faculty interact with) send out a mail advertising “Win a free month of X” and we got *many* many spam reports about it (it was legitimate). Laura Raderman ISO Policy & Compliance Coordinator Carnegie Mellon University lraderman () cmu edu
On Mar 15, 2018, at 7:47 AM, Scott Stoops <sstoops () ASHLAND EDU> wrote: We recently sent out an email to our students that contained links to a survey we wanted them to complete. The email had several pieces of information, such as actual contact information, to validate that this was a legitimate email. With an increased awareness on phishing, some of our students questioned the email and reported it as a possible phishing attempt. Like everyone, we are walking a sometimes fine line between encouraging people to not click on links from unexpected emails and still getting them to interact when an email is legitimate. What are folks doing either within the email communications themselves or in addition to the emails to indicate that these kinds of things are legitimate? One suggestion we had was to include our logo in the email but not all vendors will allow this. -- Scott Stoops Security Analyst II Office of Information Technology | 100 Patterson Technology Center Ashland, OH 44805 (w) 419-289-5405 sstoops () ashland edu
Current thread:
- Tips for using third party survey providers Scott Stoops (Mar 15)
- Re: Tips for using third party survey providers Laura Raderman (Mar 15)
- Re: Tips for using third party survey providers Ruth Ginzberg (Mar 15)
- Re: Tips for using third party survey providers Ken Connelly (Mar 15)
- Re: Tips for using third party survey providers Laura Raderman (Mar 15)