Educause Security Discussion mailing list archives

Re: phishing irony


From: "Tupker, Mike" <mtupker () MTMERCY EDU>
Date: Wed, 11 Feb 2009 08:47:53 -0600

I may be too cynical but just adding the warning won't help to "alert" users that it is a spam message. A good chunk of 
users will just ignore certain parts of an email and go straight to the questions that the email is asking.

I sent out a warning to our campus yesterday with an example of an email to watch out for and actually got responses 
with login information. It was very sad day for me.

Mike Tupker
Systems Administrator
Mount Mercy College
Office: (319) 363-1323 x1401
Mobile: (319) 538-1644
If you need assistance with an computer issue please contact the helpdesk at x4357 or http://help.mtmercy.edu.

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Jesse 
Thompson
Sent: Wednesday, February 11, 2009 8:15 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] phishing irony

Ah, good call.  The message went through another EDU mail server first, 
which appears to have added the warning.

It fooled me :-)  I thought it was an attempt by the phisher to diffuse 
the users' perception of risk.

Adding the warning might not be a bad idea, but I think that it should 
state that the warning was added to the message after it was sent.

========================================================================
  Warning: the content of this message indicates that it might be
  an attempt to steal your private information.

  PHISHING: Legitimate organizations NEVER ask for your SSN, password,
  account number, or other personal data.  Do NOT ever provide such
  information to anyone via email.
========================================================================

Jesse

Dan Oachs wrote:
Is there any chance that someones outbound mailserver added that to the 
top of the message as a warning?  Would be an interesting idea but 
probably would not stop many users from responding with their password 
anyway :)

--Dan


Jesse Thompson wrote:
I found a phish message today with the following at the top of the 
message:

========================================================================
PHISHING: Legitimate organizations NEVER ask for your SSN, password,
account number, or other personal data.  Do NOT ever provide such
information to anyone via email.
========================================================================

It was then followed by the usual request to reply to the @live.com 
address with account credentials.

I can't figure out if the phishers are being stupid or genius.

Jesse


-- 
   Jesse Thompson
   Division of Information Technology, University of Wisconsin-Madison
   Email/IM: jesse.thompson () doit wisc edu

Current thread: