Re: Groupspaces...is it social engineering or a desired campus server.

["Tonkin, Derek K." <Derek_Tonkin () BAYLOR EDU>]

I advise one of our campus fraternities and they use WePay for some of their collections.  It is a legitimate company 
that specializes in that sort of thing.  I have not heard of GroupSpaces but the activity Wayne described does sound 
worthy of some sort of reprimand in my personal opinion, probably in the form of some communication from your General 
Counsel.  I'd defer to that office for guidance on how to respond.  Do you know if any of your campus organizations are 
customers of GroupSpaces?

-------------Baylor University-------------
Derek Tonkin
Information Security Analyst
Information Technology Services - Security
derek_tonkin () baylor edu<mailto:derek_tonkin () baylor edu>        254-710-7061
---------------Sic 'em Bears---------------

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Steve 
Kuchta
Sent: Monday, August 29, 2011 2:58 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Groupspaces...is it social engineering or a desired campus server.

Wayne,

I have never heard of GroupSpaces, but they do appear to be a legit company based out of London. It looks like they use 
WePay for money collection, though I'm not familiar with them either. Here are their CrunchBase profiles which has some 
information about them.

http://www.crunchbase.com/company/groupspaces
http://www.crunchbase.com/company/wepay

Thanks,
Steve
Steve Kuchta
skuchta () vcu edu<mailto:skuchta () vcu edu>
Infrastructure Support Analyst
Infrastructure and Client Services
School of Medicine Technology Services
Virginia Commonwealth University
http://go.vcu.edu/somtech
________________________________
Don't be a phishing victim - VCU and other reputable organizations will never use email to request that you reply with 
your password, social security number or confidential personal information. For more details visit 
http://go.vcu.edu/phishing.
________________________________

On 8/29/2011 11:40 AM, Hauber, Wayne [ITSEC] wrote:
I have questions about Groupspaces.com. It appears to be an organization that aggressively markets its services to 
student organizations. They found a way to mine lists of student organization at ISU then invited the officers of ISU 
clubs to use their services to manage their clubs.

Background: I first heard about Groupspaces from my daughter, a student at ISU, who received an e-mail from them in 
April 2011. The Groupspaces folks decided that she was an officer on her dorm floor and wanted her to use their 
services. She was never an officer on her dorm floor but *is* the daughter of a security analyst and knows enough to be 
concerned. We learned of other badly targeted e-mails and investigated. Our university has no contractual relationship 
with Groupspaces.  We noticed that it has existed for a while and may be a real service. We eventually let the matter 
drop.

On Friday, I learned that Groupspaces was sending badly targeted e-mails to students again. A counselor wondered if 
they were trustworthy.

I investigated and notice that Groupspaces offers many services to clubs. One notable service is dues collection. 
Apparently, Groupspaces will handle dues collection from your members and can use paypal and credit cards for 
collection. I decided that I could not tell the difference between Groupspaces and some sort of elegant social 
engineering/phishing scheme and temporarily blocked groupspaces.com at our campus border.

Questions:


1.       Is anyone familiar with Groupspaces.com and can tell us more about them?

2.       Are they trustworthy?

3.       Has your Treasurer's office decided that Groupspaces.com can be trusted with dues collection from your 
students?

4.       What do they charge student organizations?

5.       Has your school entered into a contractual relationship with Groupspaces.com?

Wayne Hauber (515) 294-9890
Iowa State University
Information Technology Services
IT Security and Policies
297 Durham Center, ISU, Ames, Iowa 50011
wjhauber () iastate edu<mailto:wjhauber () iastate edu>