Educause Security Discussion mailing list archives
Re: Groupspaces...is it social engineering or a desired campus server.
From: "Tonkin, Derek K." <Derek_Tonkin () BAYLOR EDU>
Date: Mon, 29 Aug 2011 15:19:05 -0500
I advise one of our campus fraternities and they use WePay for some of their collections. It is a legitimate company that specializes in that sort of thing. I have not heard of GroupSpaces but the activity Wayne described does sound worthy of some sort of reprimand in my personal opinion, probably in the form of some communication from your General Counsel. I'd defer to that office for guidance on how to respond. Do you know if any of your campus organizations are customers of GroupSpaces? -------------Baylor University------------- Derek Tonkin Information Security Analyst Information Technology Services - Security derek_tonkin () baylor edu<mailto:derek_tonkin () baylor edu> 254-710-7061 ---------------Sic 'em Bears--------------- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Steve Kuchta Sent: Monday, August 29, 2011 2:58 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Groupspaces...is it social engineering or a desired campus server. Wayne, I have never heard of GroupSpaces, but they do appear to be a legit company based out of London. It looks like they use WePay for money collection, though I'm not familiar with them either. Here are their CrunchBase profiles which has some information about them. http://www.crunchbase.com/company/groupspaces http://www.crunchbase.com/company/wepay Thanks, Steve Steve Kuchta skuchta () vcu edu<mailto:skuchta () vcu edu> Infrastructure Support Analyst Infrastructure and Client Services School of Medicine Technology Services Virginia Commonwealth University http://go.vcu.edu/somtech ________________________________ Don't be a phishing victim - VCU and other reputable organizations will never use email to request that you reply with your password, social security number or confidential personal information. For more details visit http://go.vcu.edu/phishing. ________________________________ On 8/29/2011 11:40 AM, Hauber, Wayne [ITSEC] wrote: I have questions about Groupspaces.com. It appears to be an organization that aggressively markets its services to student organizations. They found a way to mine lists of student organization at ISU then invited the officers of ISU clubs to use their services to manage their clubs. Background: I first heard about Groupspaces from my daughter, a student at ISU, who received an e-mail from them in April 2011. The Groupspaces folks decided that she was an officer on her dorm floor and wanted her to use their services. She was never an officer on her dorm floor but *is* the daughter of a security analyst and knows enough to be concerned. We learned of other badly targeted e-mails and investigated. Our university has no contractual relationship with Groupspaces. We noticed that it has existed for a while and may be a real service. We eventually let the matter drop. On Friday, I learned that Groupspaces was sending badly targeted e-mails to students again. A counselor wondered if they were trustworthy. I investigated and notice that Groupspaces offers many services to clubs. One notable service is dues collection. Apparently, Groupspaces will handle dues collection from your members and can use paypal and credit cards for collection. I decided that I could not tell the difference between Groupspaces and some sort of elegant social engineering/phishing scheme and temporarily blocked groupspaces.com at our campus border. Questions: 1. Is anyone familiar with Groupspaces.com and can tell us more about them? 2. Are they trustworthy? 3. Has your Treasurer's office decided that Groupspaces.com can be trusted with dues collection from your students? 4. What do they charge student organizations? 5. Has your school entered into a contractual relationship with Groupspaces.com? Wayne Hauber (515) 294-9890 Iowa State University Information Technology Services IT Security and Policies 297 Durham Center, ISU, Ames, Iowa 50011 wjhauber () iastate edu<mailto:wjhauber () iastate edu>
Current thread:
- Groupspaces...is it social engineering or a desired campus server. Hauber, Wayne [ITSEC] (Aug 29)
- Re: Groupspaces...is it social engineering or a desired campus server. Lang, Matthew (Aug 29)
- Re: Groupspaces...is it social engineering or a desired campus server. Hauber, Wayne [ITSEC] (Aug 29)
- Re: Groupspaces...is it social engineering or a desired campus server. Steve Kuchta (Aug 29)
- Re: Groupspaces...is it social engineering or a desired campus server. Tonkin, Derek K. (Aug 29)
- Re: Groupspaces...is it social engineering or a desired campus server. Lang, Matthew (Aug 29)