Educause Security Discussion mailing list archives
Re: Tips for using third party survey providers
From: Ken Connelly <ken.connelly () UNI EDU>
Date: Thu, 15 Mar 2018 08:56:47 -0500
If you have departments on campus sending mass messages that the recipients think are spam or phishing, then two things are true:

1. Your educational efforts on spotting phishing messages are top-notch and deserve recognition.
2. The sending department(s) need some guidance in crafting their message.

- ken

On 3/15/18 8:21 AM, Laura Raderman wrote:

We *always* include a URL (not specifically linked where we can prevent it) to a trusted cmu.edu site (which site depends on which department is sending the message) that includes an exact copy of the message, or as close as we can get (for messages that have recipient-specific information).

Example:

***To verify the authenticity of this message, visit https://www.cmu.edu/iso/news/ncsam-massmail.html ***

Note: Your mail reader may have converted the authenticity URL above to be a clickable link. Depending on your device/mail reader, you can check the actual destination of a clickable link by hovering your mouse over the link, "right-clicking" on the link, or tapping and holding the link.

———————

If we were sending from a 3rd party, the message would include a description of what the mail was, who sent it, why, etc.

We also encourage folks using such services to send to themselves first to make sure the message doesn’t sound/look too spammy. We had one department (a large one on campus that many students, staff, and faculty interact with) send out a mail advertising “Win a free month of X” and we got *many* many spam reports about it (it was legitimate).

Laura Raderman
ISO Policy & Compliance Coordinator
Carnegie Mellon University
lraderman () cmu edu

On Mar 15, 2018, at 7:47 AM, Scott Stoops <sstoops () ASHLAND EDU> wrote:

We recently sent out an email to our students that contained links to a survey we wanted them to complete. The email had several pieces of information, such as actual contact information, to validate that this was a legitimate email. With an increased awareness on phishing, some of our students questioned the email and reported it as a possible phishing attempt. Like everyone, we are walking a sometimes fine line between encouraging people to not click on links from unexpected emails and still getting them to interact when an email is legitimate.

What are folks doing either within the email communications themselves or in addition to the emails to indicate that these kinds of things are legitimate? One suggestion we had was to include our logo in the email but not all vendors will allow this.

--
Scott Stoops
Security Analyst II
Office of Information Technology | 100 Patterson Technology Center
Ashland, OH 44805
(w) 419-289-5405
sstoops () ashland edu

--
- Ken
=================================================================
Ken Connelly
Director, Information Security
Information Security Officer
University of Northern Iowa
email: Ken.Connelly () uni edu
p: (319) 273-5850
f: (319) 273-7373

Any request to divulge your UNI password via e-mail is fraudulent!