Educause Security Discussion mailing list archives
Re: phishing irony
From: "Tupker, Mike" <mtupker () MTMERCY EDU>
Date: Wed, 11 Feb 2009 08:47:53 -0600
I may be too cynical but just adding the warning won't help to "alert" users that it is a spam message. A good chunk of users will just ignore certain parts of an email and go straight to the questions that the email is asking. I sent out a warning to our campus yesterday with an example of an email to watch out for and actually got responses with login information. It was very sad day for me. Mike Tupker Systems Administrator Mount Mercy College Office: (319) 363-1323 x1401 Mobile: (319) 538-1644 If you need assistance with an computer issue please contact the helpdesk at x4357 or http://help.mtmercy.edu. -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Jesse Thompson Sent: Wednesday, February 11, 2009 8:15 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] phishing irony Ah, good call. The message went through another EDU mail server first, which appears to have added the warning. It fooled me :-) I thought it was an attempt by the phisher to diffuse the users' perception of risk. Adding the warning might not be a bad idea, but I think that it should state that the warning was added to the message after it was sent. ======================================================================== Warning: the content of this message indicates that it might be an attempt to steal your private information. PHISHING: Legitimate organizations NEVER ask for your SSN, password, account number, or other personal data. Do NOT ever provide such information to anyone via email. ======================================================================== Jesse Dan Oachs wrote:
Is there any chance that someones outbound mailserver added that to the top of the message as a warning? Would be an interesting idea but probably would not stop many users from responding with their password anyway :) --Dan Jesse Thompson wrote:I found a phish message today with the following at the top of the message: ======================================================================== PHISHING: Legitimate organizations NEVER ask for your SSN, password, account number, or other personal data. Do NOT ever provide such information to anyone via email. ======================================================================== It was then followed by the usual request to reply to the @live.com address with account credentials. I can't figure out if the phishers are being stupid or genius. Jesse
-- Jesse Thompson Division of Information Technology, University of Wisconsin-Madison Email/IM: jesse.thompson () doit wisc edu
Current thread:
- phishing irony Jesse Thompson (Feb 11)
- <Possible follow-ups>
- Re: phishing irony Dan Oachs (Feb 11)
- Re: phishing irony Jesse Thompson (Feb 11)
- Re: phishing irony Tupker, Mike (Feb 11)
- Re: phishing irony Pace, Guy (Feb 11)
- Re: phishing irony Mike Porter (Feb 11)
- Re: phishing irony Gary Flynn (Feb 11)
- Re: phishing irony Paul Crittenden (Feb 12)
- Re: phishing irony Ozzie Paez (Feb 12)
- Re: phishing irony HALL, NATHANIEL D. (Feb 12)
- Re: phishing irony Pete Hickey (Feb 12)
- Re: phishing irony Matthew Gracie (Feb 12)
- Re: phishing irony Valdis Kletnieks (Feb 12)
- Re: phishing irony Gary Flynn (Feb 13)
(Thread continues...)